Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aeZOttxgx4WSc-Kj@framework>
Date: Mon, 20 Apr 2026 18:07:59 +0200
From: Morten Linderud <morten@...derud.pw>
To: oss-security@...ts.openwall.com
Subject: Re: Go 1.26.2 and Go 1.25.9 are released with 10
 security fixes

On Sun, Apr 19, 2026 at 10:46:43PM +0200, Matthias Ferdinand wrote:
>
> Arch linux appears not to have recompiled Go applications (or at least
> not all of them, only checked restic)

We don't.

I originall did this work a few years ago but it just produced a huge list of
packages that would need to be worked through that carried other issues. The
build infra is not there to dispatch larger rebuilds for this and all of it
would be hand holding.

There are 431 depending on go, and each project would need to be
unpacked/scanned and then rebuilt accordingly.

You could just rebuild everything, but that alone would take a few days
depending on volunteer time.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.