singularity bundled the source code of the go toolchain out of necessity because there was
a serious golang security vulnerability fixed in 1.16.12, and epel7 was providing only a
golang 1.15 version despite my urgent pleas for an upgrade. I have now become the
provider of golang on epel7 and as of Friday it is updated to 1.16.12, so the bundling can
be removed from future releases of singularity (if there are any) and apptainer.
Dave
On Tue, Feb 01, 2022 at 06:08:53PM -0000, Mattia Verga wrote:
> I have been asked to review 'apptainer' package request [1], which is a
> package rename of 'singularity' already present in Fedora repositories [2], but I
> need some advice from experienced Go packagers, as I know very little of Go...
>
> Aside from not using any macro in the spec file, it seems that both the new package
> and the existing one are bundling the Go toolchain and use that for compiling... I
> don't think that's allowed, but I'm asking, since 'singularity'
> already does that and it's available in repos.
>
> Thank you
> Mattia
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=2034758
> [2] https://src.fedoraproject.org/rpms/singularity