On Tue, Feb 04, 2025 at 09:37:05AM +0000, Sharlatan Hellseher wrote: > The project changed the module of release and now ships vendor and source > separatly: > - > https://github.com/rclone/rclone/releases/download/v1.69.0/rclone-v1.69.0-vendor.tar.gz > - > https://github.com/rclone/rclone/releases/download/v1.69.0/rclone-v1.69.0.tar.gz > > It means we need to package all missing inputs before update to the > latest.
I see. > CC Leo for the second opinion if we may grab vendor and ingest it > during build and initiate packaging for the future to reduce amount of > vendored packages. I think it's fine to use this vendored / bundled tarball. Using the vendored code is not the Guix way, but we are already using the bundled dependencies for this package. The change is that now they are provided in a separate tarball. This is not a meaningful change with respect to the why Guix generally doesn't use bundled source code and I don't think the code review process for this update should force them to be unbundled now. In the past I've argued that the way we handle Go packages right now is insufficient to package them properly. Either we could make an easy to parameterize Go libraries / modules so that they are not vendored (improve the importer as part of that?), or just use the vendored code. But I always say that motivation is not fungible. If you are interested in packaging these dependencies in the future, go for it!
