
The situation with backporting security fixes is still the same. Debian could backport the fix to any node/go lib the same way they backport security fixes to C libs.

The only difference is that a backported fix in a language that uses vendored dependencies rather than .so's needs to have all depending packages rebuilt.



Debian Developer here. Backporting fixes to tens of thousands of packages is already a huge amount of (thankless) work.

But it's still done - as long as there's usually one version of a given library in the whole archive.

Imagine doing that for e.g. 5 versions of a given library, embedded in the sources of 30 different packages.


I'm sorry to hear that it's thankless. Thank you for doing it. It is one of the pillars of my sanity, and I am not exaggerating.



