Paul Gevers wrote
> + <section id="golang-static-linking">
> + <!-- Check if this still matches the view of the security team -->
> + <title>Go based packages</title>
> + <para>
> + The Debian infrastructure currently doesn't properly enable
> + rebuilding packages that statically link parts of other
> + packages on a large scale.
It's not obvious what "on a large scale" modifies here, and perhaps
instead of talking about a build process linking parts of packages we
should just make it:
The Debian infrastructure currently has problems with
rebuilding packages of types that systematically use static
linking.
> Until buster that hasn't been a
Now that the buster release is in the past I'd have to say:
Before buster this wasn't a
> + problem in practice, but with the growth of the Go ecosystem
> + it means that Go based packages will be covered by limited
Optional extra hyphen: Go-based packages.
> + security support until the infrastructure is improved to
> + deal with them maintainably.
> + </para>
> + <para>
> + If updates for Go <quote>libaries</quote> are warranted,
Missing R in libRaries! (But why in quotes? Should that be
<emphasis>?)
> + they can only come via regular point releases, which may be
> + slow in arriving.
> + </para>
> + </section>
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
