Re: Automatic versioned buildrequires for Go packages

2025-03-28 Thread Leon Fauster via golang
On 21.03.25 at 13:55, Alejandro Saez Morollon via golang wrote: On Thu, Mar 20, 2025 at 4:22 PM Zdenek Dohnal via golang <golang@lists.fedoraproject.org> wrote: Hi all, I maintain two components written in Go, so time to time the components get CVE reports where vulnera

Re: Automatic versioned buildrequires for Go packages

2025-03-27 Thread Florian Weimer via golang
* Zdenek Dohnal via golang: > Once CVE fix comes into golang and new golang version is released, > presence of the older version in buildrequires of other package will > indicate the package includes vulnerable code, and it has to be > rebuilt once the original package includes a fix. A different

Re: Automatic versioned buildrequires for Go packages

2025-03-27 Thread Maxwell G via golang
On 3/27/25 2:46 AM, Zdenek Dohnal via golang wrote: FTR it is because podman uses vendor/modules.txt which is used by script Alejandro sent in the other email. It's actually because podman enables modules mode (https://src.fedoraproject.org/rpms/podman/blob/rawhide/f/podman.spec#_10). This

Re: Automatic versioned buildrequires for Go packages

2025-03-27 Thread Zdenek Dohnal via golang
On 3/26/25 16:10, Florian Weimer wrote: How did you get such output from 'go version -m'? Or is it a theoretical output? Because if I call this on my ipp-usb binary, I get this output: $ go version -m /usr/sbin/ipp-usb /usr/sbin/ipp-usb: go1.23.7     path    github.com/OpenPrinting/ipp-usb    

Re: Automatic versioned buildrequires for Go packages

2025-03-26 Thread Florian Weimer via golang
* Zdenek Dohnal: > On 3/21/25 10:53, Florian Weimer wrote: >> A different way to do this would involve a dependency generator that >> looks at “go version -m” output like this: >> >> dep golang.org/x/crypto v0.32.0 >> dep golang.org/x/expv0.0.0-20250103183323-7d7fa50

Re: Automatic versioned buildrequires for Go packages

2025-03-26 Thread Zdenek Dohnal via golang
Hi Alejandro! On 3/21/25 13:55, Alejandro Saez Morollon wrote: I'm not really sure if I understand the problem, but hope these two things help: First, this is not exactly what you want to do, but we have a script in the rpms/golang package to generate the provides, maybe you can draw inspi

Re: Automatic versioned buildrequires for Go packages

2025-03-26 Thread Fabio Valentini via golang
On Wed, Mar 26, 2025 at 2:26 PM Zdenek Dohnal via golang wrote: > > Hi Florian! > > Thank you for the idea! > > I knew about 'go version', which would give me go version as whole, but > not about the possibility to use this to see versions of used modules - > great to know! > > On 3/21/25 10:53, F

Re: Automatic versioned buildrequires for Go packages

2025-03-26 Thread Zdenek Dohnal via golang
Hi Florian! Thank you for the idea! I knew about 'go version', which would give me go version as whole, but not about the possibility to use this to see versions of used modules - great to know! On 3/21/25 10:53, Florian Weimer wrote: A different way to do this would involve a dependency ge

Re: Automatic versioned buildrequires for Go packages

2025-03-21 Thread Alejandro Saez Morollon via golang
On Thu, Mar 20, 2025 at 4:22 PM Zdenek Dohnal via golang <golang@lists.fedoraproject.org> wrote: > Hi all, > > I maintain two components written in Go, so time to time the components > get CVE reports where vulnerable code comes from another component via > static linking during build. > > I was

Re: Automatic versioned buildrequires for Go packages

2025-03-20 Thread Michel Lind via golang
On Thu, Mar 20, 2025, at 10:19 AM, Zdenek Dohnal via golang wrote: > Hi all, > > I maintain two components written in Go, so time to time the components > get CVE reports where vulnerable code comes from another component via > static linking during build. > > I was trying to figure out how to