1. Forum
  2. Usenet
  3. LINUX.DEBIAN.SECURITY

  • Security updates for software written in Go

    From =?UTF-8?Q?Lauren=c8=9biu_P=c4=83nce@21:1/5 to All on Fri Nov 13 13:20:01 2020
    Hello,

    the Debian Buster release notes state that no security updates are
    possible for software written in Go due to its static linking - Debian
    lacks the infrastructure to mass-rebuild all affected Go packages. Did
    this change in the mean time? If not, is there ongoing work to change this?

    The same release notes state that just Firefox and Chromium can be
    supported with security updates, but Chromium is several major versions
    behind in Buster, it appears as vulnerable to lots of CVEs and the last
    DSA for chromium was at the beginning of July.

    Best regards,
    Laurentiu

    [1] https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#limited-security-support
    [2] https://security-tracker.debian.org/tracker/source-package/chromium

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)