1 |
On Fri, Jun 12, 2015 at 10:02:41PM +0200, Kristian Fiskerstrand wrote: |
2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
3 |
> Hash: SHA512 |
4 |
> |
5 |
> On 06/12/2015 09:58 PM, William Hubbs wrote: |
6 |
> > On Fri, Jun 12, 2015 at 11:18:29AM -0700, Patrick McLean wrote: |
7 |
> >> On Fri, 12 Jun 2015 12:54:04 -0500 William Hubbs |
8 |
> >> <williamh@g.o> wrote: |
9 |
> |
10 |
> |
11 |
> .. |
12 |
> |
13 |
> > Since the Go compiler bundles all the necessary packages to compile |
14 |
> > a go binary, I can't help but wonder if we really need manual |
15 |
> > snapshots of packages that build only *.a files in the tree? |
16 |
> > |
17 |
> > Thoughts? |
18 |
> > |
19 |
> |
20 |
> It gets even worse if you factor in security. With the static linking |
21 |
> you really need a := dependency on all libraries used as you don't |
22 |
> know whether an update is security related. |
23 |
> |
24 |
> That said, I understand the structure. I don't like it, but I |
25 |
> understand it, given that it is primarily only intended to be used |
26 |
> within container/docker environments. |
27 |
> |
28 |
> Good luck trying to get it to play nice with a package manager though... |
29 |
|
30 |
The other issue is a lot of upstreams for go don't do releases at all; |
31 |
you just grab everything live.A |
32 |
|
33 |
Does anyone know how third party go packages are being handled on other |
34 |
distros? |
35 |
|
36 |
The go language itself is easy because they do versioned releases. |
37 |
|
38 |
What I would want to know from other distros is, do they package third |
39 |
party go packages at all, and do they package packages that are just |
40 |
libraries? |
41 |
|
42 |
William |