1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA512 |
3 |
|
4 |
On 06/12/2015 09:58 PM, William Hubbs wrote: |
5 |
> On Fri, Jun 12, 2015 at 11:18:29AM -0700, Patrick McLean wrote: |
6 |
>> On Fri, 12 Jun 2015 12:54:04 -0500 William Hubbs |
7 |
>> <williamh@g.o> wrote: |
8 |
|
9 |
|
10 |
.. |
11 |
|
12 |
> Since the Go compiler bundles all the necessary packages to compile |
13 |
> a go binary, I can't help but wonder if we really need manual |
14 |
> snapshots of packages that build only *.a files in the tree? |
15 |
> |
16 |
> Thoughts? |
17 |
> |
18 |
|
19 |
It gets even worse if you factor in security. With the static linking |
20 |
you really need a := dependency on all libraries used as you don't |
21 |
know whether an update is security related. |
22 |
|
23 |
That said, I understand the structure. I don't like it, but I |
24 |
understand it, given that it is primarily only intended to be used |
25 |
within container/docker environments. |
26 |
|
27 |
Good luck trying to get it to play nice with a package manager though... |
28 |
|
29 |
- -- |
30 |
Kristian Fiskerstrand |
31 |
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net |
32 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
33 |
-----BEGIN PGP SIGNATURE----- |
34 |
|
35 |
iQEcBAEBCgAGBQJVezrYAAoJECULev7WN52FtWYH/i2nPEWAcUHjYP/i9DYqbrzJ |
36 |
pHFub2zZrdCyIqF0n/aYVtgdcU+uXz/iHD/+j/SaIVaGgWBO5kafqEt93Zyw2i4I |
37 |
yHWzZp5cUWMt4YfUBq63ZBGWQkaK4YsbP9TmuuUGe5ZhuOHBQhKtenue0VBqQ6Bl |
38 |
tiYZcByCFJ8HHeshCGdr0unAA8K85vIIaDdz/FkkA2rwlFudIWAfgaWhomc60oAV |
39 |
9aVKllOpqWsIoWn6GYKGuidSWmXMmN6J7EPyGENJENf01oF3Q/D7H5o3IN2uIB7m |
40 |
FUXtmdPji3eSS77mpyimh4xXi6fzy1x3kWGhmPHBo1PMDdaY9S/mKjy85NS5z2U= |
41 |
=hT4l |
42 |
-----END PGP SIGNATURE----- |