My concern isn't so much in that these binaries come with the source -- it sounds suboptimal, but it's not quite as bad as shipping binary blobs we haven't built ourselves...
That's the main issue I have with it and with removing the line from rules which deletes .syso files (note that we probably shouldn't ship any binaries we have not built ourselves, that includes other ELF binaries packed in the source tarball). It's possibly OK to run these binaries late in the build process when running tests because we are not exposing our users to untrusted binaries directly (as long as they don't go silently change the binaries we built and are about to ship), but shipping these files to users without having built them ourselves sounds like a security accident waiting to happen. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1487928 Title: please upload 1.5 final packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang/+bug/1487928/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
