Am 08.02.2019 um 16:20 schrieb Chris Lamb: > Hi all, > >>> There is no sensible way to schedule binnmu's via security. So far none >>> appeared AFAIK. > […] >> thanks for the quick feedback still! > > Indeed thanks for the feedback. Looking into this quickly from a > jessie chroot: > > $ build-rdeps golang > > Reverse Build-depends in main: > ------------------------------ > > heartbleeder > golang-gocapability-dev > aptly > > Assuming that is right (it seems a curiously small number to me...) > I then believe we may only need sourceful uploads of: > > * aptly > * heartbleeder > > ... as golang-gocapability-dev does not import "crypto/elliptic". > However, it could be using it transitively so it might be worth > uploading just in case. > > Sound sensible?
Hi all, I think the small number is due to the "golang" keyword. If you search for golang-go, the actual go compiler at that time, you'll get more packages. Please note that I was not able to get build-rdeps to run in a jessie chroot, so you might want to execute "build-rdeps golang-go" in your chroot to compare the lists. However, this list has been generated with the following command: $ grep-dctrl -FBuild-Depends golang-go -w -sPackage /var/lib/apt/lists/*Sources codesearch direnv go-md2man gocode golang-barcode golang-bindata golang-blackfriday golang-context golang-coreos-log golang-dbus golang-dns golang-doozer golang-ed25519-dev golang-etcd golang-go-dbus golang-go-flags golang-go-patricia golang-go-systemd golang-go.crypto golang-go.tools golang-gocheck golang-godebiancontrol-dev golang-gogoprotobuf golang-goprotobuf golang-goptlib golang-goyaml golang-libgeoip golang-log4go golang-metrics golang-mreiferson-httpclient golang-mux golang-nzaat golang-objx golang-openldap golang-pb golang-pretty golang-pty golang-raft golang-rrd golang-siphash-dev golang-termbox golang-testify golang-text golang-thrift golang-uuid golang-vhost golang-websocket gopacket kxd libguestfs ngrok obfs4proxy pt-websocket slt Please note that there are probably a lot of false positives in this list, because not every package uses crypto/elliptic. Regards, Tobias
Description: OpenPGP digital signature