| 1 |
On Fri, Jun 12, 2015 at 10:02:41PM +0200, Kristian Fiskerstrand wrote: |
| 2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 3 |
> Hash: SHA512 |
| 4 |
> |
| 5 |
> On 06/12/2015 09:58 PM, William Hubbs wrote: |
| 6 |
> > On Fri, Jun 12, 2015 at 11:18:29AM -0700, Patrick McLean wrote: |
| 7 |
> >> On Fri, 12 Jun 2015 12:54:04 -0500 William Hubbs |
| 8 |
> >> <williamh@g.o> wrote: |
| 9 |
> |
| 10 |
> |
| 11 |
> .. |
| 12 |
> |
| 13 |
> > Since the Go compiler bundles all the necessary packages to compile |
| 14 |
> > a go binary, I can't help but wonder if we really need manual |
| 15 |
> > snapshots of packages that build only *.a files in the tree? |
| 16 |
> > |
| 17 |
> > Thoughts? |
| 18 |
> > |
| 19 |
> |
| 20 |
> It gets even worse if you factor in security. With the static linking |
| 21 |
> you really need a := dependency on all libraries used as you don't |
| 22 |
> know whether an update is security related. |
| 23 |
> |
| 24 |
> That said, I understand the structure. I don't like it, but I |
| 25 |
> understand it, given that it is primarily only intended to be used |
| 26 |
> within container/docker environments. |
| 27 |
> |
| 28 |
> Good luck trying to get it to play nice with a package manager though... |
| 29 |
|
| 30 |
The other issue is a lot of upstreams for go don't do releases at all; |
| 31 |
you just grab everything live.A |
| 32 |
|
| 33 |
Does anyone know how third party go packages are being handled on other |
| 34 |
distros? |
| 35 |
|
| 36 |
The go language itself is easy because they do versioned releases. |
| 37 |
|
| 38 |
What I would want to know from other distros is, do they package third |
| 39 |
party go packages at all, and do they package packages that are just |
| 40 |
libraries? |
| 41 |
|
| 42 |
William |
Archives