Bug#928026: release-notes: document the state of security support for golang packages in Buster

Holger Levsen

2019-04-26 10:40:02 UTC

package: release-notes

Are there other concerns or warnings and
should they already be mentioned in the release notes?

There has been no visible movement on the issues with Go as mentioned in
https://lists.debian.org/debian-release/2018/07/msg00002.html (and
this dates back much further, initial discussions were from 2016 or
earlier).
This is already an issue in Stretch (e.g. #922170), but will be much
worse in Buster, so unless someone reliably commits to work on
this ASAP the available options are to drop everything Go apart
from the toolchain packages from buster or exclude of all that mess
from security updates so that people know what they can expect.

filing a bug (in coordination with Moritz) so this doesnt get forgotten.

Also, I believe this bug should be cloned and reassigned to
src:debian-security-support as well, so it's also documented there. Will
do so once the bug arrives back.

--
tschau,
Holger

-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C