| 1 |
On 06/29/2015 11:25 PM, Zac Medico wrote: |
| 2 |
> |
| 3 |
> Considering that Go binaries are statically linked, you'll end up with a |
| 4 |
> bunch of Go libraries installed that you don't need during run-time. |
| 5 |
> |
| 6 |
|
| 7 |
They'll eventually give this up, because everyone does when their |
| 8 |
language starts seeing serious use. I won't pretend that's a real |
| 9 |
argument though. |
| 10 |
|
| 11 |
Suppose ten years from now everything is written in Go. I have 500 |
| 12 |
statically linked Go packages on my system, all of whose dependencies |
| 13 |
were built and compiled-in at install time. Now someone finds a remote |
| 14 |
root vulnerability in the go-openssl library. I know some of the |
| 15 |
packages I have installed were built against it. What do I do? |
| 16 |
|
| 17 |
At least with the useless dev-go/go-openssl installed, I can use |
| 18 |
subslots to rebuild everything after an upgrade to the fixed version. |
Archives