When I first read this thread I assumed the go download was using some standard tool similar to mvnw or gradlew which download and cache a copy of the respective tool on use, with md5sum checks and such to verify the download before use.
But that doesn’t seem to be the case here, the script checks for arm vs amd64, Linux vs Mac, and then fetches and untars the go distro into tmp. There is no verification of the download. The only check is if curl returned non 0. I did some google searches and while there does exist a “gow” tool, it does not seem to be maintained and also seems to not be in widespread use within the go community. So while it would be nice to keep things such that someone just runs ant and gets everything built, given this does not seem to be a standard method of dealing with a go install in build scripts, I would suggest we stop doing it. It looks to be very simple to install Go, so maybe switch to telling someone how to install it if it is not found, as well as giving them the setting to disable that artifact. -Jeremiah On Mon, Apr 28, 2025 at 1:49 PM Brandon Williams <dri...@gmail.com> wrote: > On Mon, Apr 28, 2025 at 12:19 PM Jon Haddad <j...@rustyrazorblade.com> > wrote: > > > > I strongly prefer we didn't install things on users systems they didn't > ask for. > > I agree with you, and it also doesn't make sense to install go for one > small thing, but depend on (not install) python for a lot more things. > If we aren't willing to install python why are we installing go? > > Kind Regards, > Brandon >