Override component to main
pay-service 15.10+16.10.20160825-0ubuntu1 in yakkety: universe/gnome -> main
libpay2 15.10+16.10.20160825-0ubuntu1 in yakkety amd64:
universe/libs/optional/100% -> main
libpay2 15.10+16.10.20160825-0ubuntu1 in yakkety arm64:
universe/libs/optional/100% -> main
libpay2 1
Excellent, thanks Emily!
** Changed in: pay-service (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1614202
Title:
[MIR] pay-service
To manage notificati
Security Team ack for 16.10. As agreed via email, the security team will
do the extra tracking required by the bundled packages and the dev team
will assist with any CVEs that might arise. The package will be re-
evaluated before 17.04.
--
You received this bug notification because you are a memb
Reviewing the comments here, looks like the only things left are (1) to
land the fix for bug 1614267 (Built-Using & dh-golang) and (2) a
security team member saying they're fine with the Go code bundling that
this package does.
As far as I can see, this package uses two github modules that are
alr
> I had presumed this was a general requirement for any package, and not
> limited to code in Go. But sure.
I can't tell if you're being serious or just taking an opportunity to be
snarky, but I will answer as if you actually don't understand why Go is
unique.
Normally, if the security team updat
(In the medium term, Go will be getting shared library support, which
will make this whole thing much easier.)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1614202
Title:
[MIR] pay-service
To mana
On Fri, 2016-08-19 at 15:34 +, Michael Terry wrote:
> Oh and another Go-in-main requirement I forgot before is "the
> requesting
> team must state their commitment to testing no-change-rebuilds
> triggered
> by a dependent library/compiler and to fix any issues found for the
> lifetime of the r
Sure, like I said elsewhere, if the security team is fine with it, I'm
fine.
Certainly while some of the bundled code isn't packaged in the archive,
other bundled code is (like gettext). That seems like low-hanging
fruit. But not a blocker for main.
Oh and another Go-in-main requirement I forgo
OK, I've asked security about this, and the answer is that dh-golang is
not a hard requirement from the security team. The fact is that pay-
service is not installable via "go get" and there is no good reason to
make it so (golang's build tools lack a significant amount of system
integration suppor
Built-Using is not automatic (${misc:Built-Using} is filled
automatically, but you have to put the line in there).
Built-Using, dh-golang, and unbundling us much as possible is a hard
request by the security team for any Go code entering main.
If you think it's too difficult to modify this packag
** Changed in: pay-service (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1614202
Title:
[MIR] pay-service
To manage notifications about this bug go to:
htt
On Wed, 2016-08-17 at 19:21 +, Michael Terry wrote:
> - Needs a team bug subscriber. Maybe phablet-team or unity-api-team?
Right. Subscribed.
> - For a package built with Go (as pay-service is), it needs to use
> dh-
> golang and "Built-Using: ${misc:Built-Using}" in its control
> file. The
- Needs a team bug subscriber. Maybe phablet-team or unity-api-team?
- For a package built with Go (as pay-service is), it needs to use dh-
golang and "Built-Using: ${misc:Built-Using}" in its control file. The
3rd party packages are all bundled in too, which is bad. You should use
golang-githu
13 matches
Mail list logo