Hi fellow LTS contributors I have a question about go package support.
The question is whether we should try to support it in LTS or not: According to this we do not give security support for go packages in buster. https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking There is also a discussion thread about adding this kind of information to debian-security-support package, but there are concerns about wildcards being a little too noisy. I can also see a note in dla-needed for Thorsten working on automating go updates. My thinking is that we should remove these packages from dla-needed.txt file and mark the CVE entries as EOL. Alternatively make some statement that we do in fact intend to make these updates even though they are not done for buster. Buf in that case, what is the motivation for making such updates for oldstable when there is no plan to do is for stable. What do you think? Cheers // Mvh Ola -- --- Inguza Technology AB --- MSc in Information Technology ---- | o...@inguza.com o...@debian.org | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
