Dear Simon,
On Mon, 17 Feb 2025 09:22:50 +0100 Simon Josefsson <simon@josefsson.org> wrote:
> I did an upstream upload of go-git to fix some security vulnerabilities
> for trixie:
> https://tracker.debian.org/pkg/golang-github-go-git-go-git
> However I today realized that we have an old fork of that project that
> still has the security vulnerability:
> https://tracker.debian.org/pkg/golang-github-jesseduffield-go-git

Thanks! I have forwarded the CVEs to the upstream[1].
[1] https://github.com/jesseduffield/lazygit/issues/4354

> Fortunately this project doesn't seem to have any reverse dependencies
> in Debian (see dak output below). I don't think this package should be
> shipped in trixie, so I'm opening this bug report to trigger this. Does
> anyone disagree?

This package (golang-github-jesseduffield-go-git) was required for lazygit,
but I have prepared a patch to use golang-github-go-git-go-git instead[2].
[2] https://salsa.debian.org/jmkim/lazygit-unvendored/-/blob/debian/sid/debian/patches/migrate-go-git.patch
Since this package is no longer necessary, I will request its removal.
Please note that lazygit has not yet been uploaded. I am currently
preparing it for Trixie.
Many thanks!
--
Jongmin Kim
D3D7 A235 22B6 41FB 78AC C775 0000 01EF CF1A 50FA