Bug#1068085: RM: golang-github-go-git-go-git-fixtures -- RoM; possible vector for security vulnerabilities
Control: tags -1 + moreinfo There's ongoing discussion regarding the urgency of go-git-fixtures' removal, and whether such drastic action is necessary. Additionally, it has 2 rdeps in testing that need to be dealt with first. The uploader for the go-git-fixtures package also needs to be consulted. https://lists.debian.org/debian-go/2024/03/msg00041.html Kind regards, Maytham OpenPGP_0xD597897206C5F07F.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1068085: RM: golang-github-go-git-go-git-fixtures -- RoM; possible vector for security vulnerabilities
Package: ftp.debian.org Severity: normal go-git-fixtures is mainly made up of tgz archives containing bare Git repos, which are decompressed and used in the testing of golang-github-go-git-go-git. In light of the recent xz-utils drama, having binary archives without any easy method of regenerating them seems like a bad idea. Kind regards, Maytham signature.asc Description: This is a digitally signed message part
