Comment 12 for bug 1545913

"The security team has requested changes to the current juju packaging with the ultimate goal of breaking out the embedded non-juju golang dependencies.

As part of this FFE, the juju-core package depends upon all currently packaged golang depends that are already in the archive.

The remaining ~15 dependencies have been packaged and will be uploaded to the archive once the archive has opened again for Y development. We will not be attempting to add these additional packages as part of this FFE."

I looked at the Packages file in the PPA and verified that juju was Built-Using the specified packages. One small thing, juju Build-Depends on golang-go.net-dev but this is a transitional package that pulls in golang-x-net-dev (which is found in Built-Using). Please adjust the Build-Depends to use golang-x-net-dev instead.

With my security team hat on, progress was made on bug #1508120 with the current packaging in the ppa so juju is heading in the right direction wrt to embedded code copies. Therefore the security team will not block this FFe. Thank you for making these changes.

With my MIR team hat on I'll comment on the embedded code copes, conditional ACK provided bug #1508120 is updated to enumerate the remaining ~15 dependencies and the plan to address them.