Re: Limited security support for Go/Rust? Re ssh3

To: debian-devel@lists.debian.org
Subject: Re: Limited security support for Go/Rust? Re ssh3
From: Bastian Blank <waldi@debian.org>
Date: Tue, 16 Jan 2024 12:55:14 +0100
Message-id: <[🔎] 20240116115514.y3jok53h6ihcujso@shell.thinkmo.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87r0ihegzh.fsf@kaka.sjd.se>
References: <1fe67b9f-f332-4239-9f96-3d780c0e8106@debian.org> <ZZARdHGmUlUZZa0o@riva.ucam.org> <87cyup5mix.fsf@kaka.sjd.se> <a9c550619c1944fe6db7ea33b27774e0f8d75e6e.camel@posteo.de> <[🔎] 874jfgtffd.fsf_-_@kaka.sjd.se> <[🔎] 20240114111729.rhi7eekkd3h5fpjg@shell.thinkmo.de> <[🔎] 87v87wrl86.fsf@kaka.sjd.se> <[🔎] 20240115091717.tl2rif5mfnz7bwvp@shell.thinkmo.de> <[🔎] ec4237994fdf9ba540a7d31ba7521a53da0b091f.camel@debian.org> <[🔎] 87r0ihegzh.fsf@kaka.sjd.se>

On Tue, Jan 16, 2024 at 10:59:30AM +0100, Simon Josefsson wrote:
> Rebuilding a bit more than what is strictly needed sounds fine as a
> first solution to me.

Building maybe.  But how do you want to publish them?  The security
archive is not made to handle that.

> My naive approach on how to fix a security problem in package X which is
> statically embedded into other packages A, B, C, ... would be to rebuild
> the transitive closure of all packages that Build-Depends on X and
> publish a security update for all those packages.

So if a fix to the net/tls module of go shows up (happens from time to
time), all go packages needs to be rebuilt?

Bastian

-- 
Many Myths are based on truth
		-- Spock, "The Way to Eden",  stardate 5832.3

Reply to:

Follow-Ups:
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Simon Josefsson <simon@josefsson.org>

References:
- Limited security support for Go/Rust? Re ssh3
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Bastian Blank <waldi@debian.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Bastian Blank <waldi@debian.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Paul Wise <pabs@debian.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Simon Josefsson <simon@josefsson.org>

Prev by Date: Re: Limited security support for Go/Rust? Re ssh3
Next by Date: Re: privilege separation by IPC vs. privilege separation by setuid
Previous by thread: Re: Limited security support for Go/Rust? Re ssh3
Next by thread: Re: Limited security support for Go/Rust? Re ssh3
Index(es):
- Date
- Thread