| 1 |
On Wed, 2020-04-01 at 05:36 +0000, Robin H. Johnson wrote: |
| 2 |
> On Tue, Mar 31, 2020 at 09:18:32PM -0400, Michael Orlitzky wrote: |
| 3 |
> > On 3/31/20 8:48 PM, Samuel Bernardo wrote: |
| 4 |
> > > My question started with the network sandbox issue when we need to load |
| 5 |
> > > external code dependencies. For example, a go project will download all |
| 6 |
> > > dependencies from git repositories that will happen after src_unpack. In |
| 7 |
> > > this case I need to add an additional tar.gz with that code along with |
| 8 |
> > > the software release tar.gz. |
| 9 |
> Samuel: |
| 10 |
> I already proved that using go-module.eclass EGO_SUM it will NOT use Git |
| 11 |
> repositories, and all of the fetching will happen long before |
| 12 |
> src_unpack. Why do you persist with your statement to the contrary? |
| 13 |
> |
| 14 |
> > > That additional tar.gz needs to be stored somewhere and as I understand |
| 15 |
> > > local mirror could be the right place. |
| 16 |
> > |
| 17 |
> > Normally we don't bundle dependencies, avoiding that problem entirely. |
| 18 |
> > The Go eclasses however are badly designed, committed against protest by |
| 19 |
> > paid corporate interests, and serve only to facilitate large-scale |
| 20 |
> > copyright infringement and security vulnerabilities. If you're looking |
| 21 |
> > for a consistent explanation of how they're supposed to work with the |
| 22 |
> > rest of Gentoo, you won't find one. |
| 23 |
> mjo: Can you please substantiate your claims? |
| 24 |
> |
| 25 |
> It would have been nice to have heard your concerns during February, any |
| 26 |
> of one the three times that William and I posted the go-module.eclass |
| 27 |
> EGO_SUM development work for review on this mailing list. I don't see a |
| 28 |
> single email from you during that entire period. |
| 29 |
> |
| 30 |
|
| 31 |
Do you really expect people to repeat themselves every time Go packaging |
| 32 |
is discussed, and their concerns are ignored because upstream? For one, |
| 33 |
I've decided to focus on what's new in the eclasses, and just let |
| 34 |
the tower topple of its own. |
| 35 |
|
| 36 |
-- |
| 37 |
Best regards, |
| 38 |
Michał Górny |
Archives