On Tue, Jan 16, 2024 at 10:59:30AM +0100, Simon Josefsson wrote:
> Rebuilding a bit more than what is strictly needed sounds fine as a
> first solution to me.
Building maybe. But how do you want to publish them? The security
archive is not made to handle that.
> My naive approach on how to fix a security problem in package X which is
> statically embedded into other packages A, B, C, ... would be to rebuild
> the transitive closure of all packages that Build-Depends on X and
> publish a security update for all those packages.
So if a fix to the net/tls module of go shows up (happens from time to
time), all go packages needs to be rebuilt?
Bastian
--
Many Myths are based on truth
-- Spock, "The Way to Eden", stardate 5832.3
