-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 06/12/2015 09:58 PM, William Hubbs wrote: > On Fri, Jun 12, 2015 at 11:18:29AM -0700, Patrick McLean wrote: >> On Fri, 12 Jun 2015 12:54:04 -0500 William Hubbs >> <[email protected]> wrote:
.. > Since the Go compiler bundles all the necessary packages to compile > a go binary, I can't help but wonder if we really need manual > snapshots of packages that build only *.a files in the tree? > > Thoughts? > It gets even worse if you factor in security. With the static linking you really need a := dependency on all libraries used as you don't know whether an update is security related. That said, I understand the structure. I don't like it, but I understand it, given that it is primarily only intended to be used within container/docker environments. Good luck trying to get it to play nice with a package manager though... - -- Kristian Fiskerstrand Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJVezrYAAoJECULev7WN52FtWYH/i2nPEWAcUHjYP/i9DYqbrzJ pHFub2zZrdCyIqF0n/aYVtgdcU+uXz/iHD/+j/SaIVaGgWBO5kafqEt93Zyw2i4I yHWzZp5cUWMt4YfUBq63ZBGWQkaK4YsbP9TmuuUGe5ZhuOHBQhKtenue0VBqQ6Bl tiYZcByCFJ8HHeshCGdr0unAA8K85vIIaDdz/FkkA2rwlFudIWAfgaWhomc60oAV 9aVKllOpqWsIoWn6GYKGuidSWmXMmN6J7EPyGENJENf01oF3Q/D7H5o3IN2uIB7m FUXtmdPji3eSS77mpyimh4xXi6fzy1x3kWGhmPHBo1PMDdaY9S/mKjy85NS5z2U= =hT4l -----END PGP SIGNATURE-----
