Limited security support for Go/Rust? Re ssh3

2024-01-14 Thread Simon Josefsson
Stephan Verbücheln writes: > On Sat, 30 Dec 2023 12:47:48 + Colin Watson > wrote: >> I also feel that something security-critical like this that's >> labelled by upstream as "still experimental" probably shouldn't >> be in a Debian release. > > It is written in Go. The problem of Go library

Bug#1060793: ITP: node-luxon -- Wrapper for JavaScript dates and times

2024-01-14 Thread Jérémy Lal
Package: wnpp Severity: wishlist Owner: Jérémy Lal X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Javascript Maintainers * Package name: node-luxon Version : 3.4.4 Upstream Contact: https://github.com/moment/luxon/issues * URL : https://moment.github.io/luxon/ *

Re: Limited security support for Go/Rust? Re ssh3

2024-01-14 Thread Nilesh Patra
On Sun, Jan 14, 2024 at 10:47:18AM +0100, Simon Josefsson wrote: > Stephan Verbücheln writes: > > > On Sat, 30 Dec 2023 12:47:48 + Colin Watson > > wrote: > >> I also feel that something security-critical like this that's > >> labelled by upstream as "still experimental" probably shouldn't >

Re: Limited security support for Go/Rust? Re ssh3

2024-01-14 Thread Stephan Verbücheln
On Sun, 2024-01-14 at 10:47 +0100, Simon Josefsson wrote: > The more I think about it, I think it seems unfair to categorize this > as a Go/Rust problem. The point is that it should be possible all packages in Debian without dependencies which are outside of Debian. The same problem exists with all

Re: Limited security support for Go/Rust? Re ssh3

2024-01-14 Thread Bastian Blank
Hi Simon On Sun, Jan 14, 2024 at 10:47:18AM +0100, Simon Josefsson wrote: > As an analogy, consider the ./configure scripts that is generated by > autoconf during build of many packages. The script typically generate > code that is put into config.h that is used (statically) during > compilation

Re: Bug#1059618: ITP: ssh3 -- faster and rich secure shell using HTTP/3

2024-01-14 Thread Bastian Blank
On Fri, Dec 29, 2023 at 11:30:14AM +0100, Simon Josefsson wrote: > * Package name: ssh3 This package name is clearly not acceptable. SSH is a well known name and this project is completely unrelated to it. So this is an academic project. I would question that it actually solves the same pr

Re: Bug#1059618: ITP: ssh3 -- faster and rich secure shell using HTTP/3

2024-01-14 Thread Simon Josefsson
Bastian Blank writes: > On Fri, Dec 29, 2023 at 11:30:14AM +0100, Simon Josefsson wrote: >> * Package name: ssh3 > > This package name is clearly not acceptable. SSH is a well known name > and this project is completely unrelated to it. Agreed. Packagers have settled on using 'soh' for the

Re: Limited security support for Go/Rust? Re ssh3

2024-01-14 Thread Simon Josefsson
Bastian Blank writes: > Hi Simon > > On Sun, Jan 14, 2024 at 10:47:18AM +0100, Simon Josefsson wrote: >> As an analogy, consider the ./configure scripts that is generated by >> autoconf during build of many packages. The script typically generate >> code that is put into config.h that is used (s

Bug#1060805: ITP: pusimp -- prevent user-site imports

2024-01-14 Thread Francesco Ballarin
Package: wnpp Severity: wishlist Owner: Francesco Ballarin X-Debbugs-Cc: debian-devel@lists.debian.org, francesco.balla...@unicatt.it * Package name: pusimp Version : 0.1.0 Upstream Contact: Francesco Ballarin * URL : https://github.com/python-pusimp/pusimp * License

Re: Limited security support for Go/Rust? Re ssh3

2024-01-14 Thread Robert Edmonds
Simon Josefsson wrote: > Isn't that what the text refers to? Vendoring and static linking are > two examples of the same problem that the security team may encounter. > The problem with dependencies are more obvious for Go/Rust code but I > think we always have had that problem anyway. Another ex

Bug#1060810: ITP: golang-github-sassoftware-go-rpmutils -- Golang implementation of parsing RPM packages

2024-01-14 Thread Simon Josefsson
Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-sassoftware-go-rpmutils Version : 0.2.0-1 Upstream Author : SAS Institute, Inc. * URL : https://github.com/sassoftware/go-rpmutils * License : Apache-2.0 Programming Lang: G

Bug#1060813: ITP: golang-github-qur-ar -- Golang ar archive file library

2024-01-14 Thread Simon Josefsson
Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-qur-ar Version : 0.0~git20130629.282534b-1 Upstream Author : Blake Smith, Julian Phillips * URL : https://github.com/qur/ar * License : Expat Programming Lang: Go Descript

Bug#1060815: ITP: relic -- digitally sign Linux/Java/Windows packages

2024-01-14 Thread Simon Josefsson
Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: relic Version : 7.6.1-1 Upstream Author : SAS Institute, Inc. * URL : https://github.com/sassoftware/relic * License : Apache-2.0 Programming Lang: Go Description : digitally sign L

Bug#1060816: ITP: golang-github-shibumi-go-pathspec -- gitignore-style pathspec pattern matching in Go

2024-01-14 Thread Simon Josefsson
Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-shibumi-go-pathspec Version : 1.3.0-1 Upstream Author : Sander van Harmelen, Christian Rebischke * URL : https://github.com/shibumi/go-pathspec * License : Apache-2.0 Progra

Bug#1060817: ITP: golang-github-spiffe-go-spiffe -- Golang library for SPIFFE support

2024-01-14 Thread Simon Josefsson
Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-spiffe-go-spiffe Version : 2.1.6-1 Upstream Author : Agustín Martínez Fayó, Andrew Harding, et al * URL : https://github.com/spiffe/go-spiffe * License : Apache-2.0 Programm

Bug#1060818: ITP: in-toto-golang -- framework for software supply chain integrity

2024-01-14 Thread Simon Josefsson
Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: in-toto-golang Version : 0.9.0-1 Upstream Author : Aditya Sirish, Christian Rebischke, Lukas Pühringer, et al * URL : https://github.com/in-toto/in-toto-golang * License : Apache-2.0 Prog

Bug#1060819: ITP: golang-github-zeebo-errs -- errs is a package for making errors friendly and easy

2024-01-14 Thread Simon Josefsson
Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-zeebo-errs Version : 1.3.0-1 Upstream Author : Jeff Wendling * URL : https://github.com/zeebo/errs * License : Expat Programming Lang: Go Description : errs is a Go li

Bug#1060820: ITP: golang-github-cyberphone-json-canonicalization -- JSON Canonicalization Scheme (JCS) (Go library)

2024-01-14 Thread Simon Josefsson
Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-cyberphone-json-canonicalization Version : 0.0~git20220623.57a0ce2-1 Upstream Author : Anders Rundgren * URL : https://github.com/cyberphone/json-canonicalization * License :

Bug#1060830: ITP: gpu-burn -- Multi-GPU CUDA stress test

2024-01-14 Thread Gürkan Myczko
Package: wnpp Severity: wishlist Owner: Gürkan Myczko X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: gpu-burn Version : 0+git20240115+ds Upstream Authors: Ville Timonen URL : https://github.com/wilicc/gpu-burn * License : BSD-2-clause Descript