1 |
On 06/29/2015 11:25 PM, Zac Medico wrote: |
2 |
> |
3 |
> Considering that Go binaries are statically linked, you'll end up with a |
4 |
> bunch of Go libraries installed that you don't need during run-time. |
5 |
> |
6 |
|
7 |
They'll eventually give this up, because everyone does when their |
8 |
language starts seeing serious use. I won't pretend that's a real |
9 |
argument though. |
10 |
|
11 |
Suppose ten years from now everything is written in Go. I have 500 |
12 |
statically linked Go packages on my system, all of whose dependencies |
13 |
were built and compiled-in at install time. Now someone finds a remote |
14 |
root vulnerability in the go-openssl library. I know some of the |
15 |
packages I have installed were built against it. What do I do? |
16 |
|
17 |
At least with the useless dev-go/go-openssl installed, I can use |
18 |
subslots to rebuild everything after an upgrade to the fixed version. |