It is stated in the bug description:
"- This package violates Debian Policy. It vendorizes various Go (in vendor/) and Rust libraries (in vendor_rust/). We are maintaining them up to date with dependabot in our upstream CI. The Go part is covered by the govulncheck security scanning on the Go version we are depending on and its vendored dependency."
However there's no TODO wrt to that. Just the translations as a recommendation.
@jibel
> can you point to the Debian Go packaging guidelines you're mentioning? /go-team. pages.debian. net/packaging. html
https:/
It is stated in the bug description:
"- This package violates Debian Policy. It vendorizes various Go (in vendor/) and Rust libraries (in vendor_rust/). We are maintaining them up to date with dependabot in our upstream CI. The Go part is covered by the govulncheck security scanning on the Go version we are depending on and its vendored dependency."
However there's no TODO wrt to that. Just the translations as a recommendation.