On Fri, Jun 12, 2015 at 10:02:41PM +0200, Kristian Fiskerstrand wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 06/12/2015 09:58 PM, William Hubbs wrote: > > On Fri, Jun 12, 2015 at 11:18:29AM -0700, Patrick McLean wrote: > >> On Fri, 12 Jun 2015 12:54:04 -0500 William Hubbs > >> <[email protected]> wrote: > > > .. > > > Since the Go compiler bundles all the necessary packages to compile > > a go binary, I can't help but wonder if we really need manual > > snapshots of packages that build only *.a files in the tree? > > > > Thoughts? > > > > It gets even worse if you factor in security. With the static linking > you really need a := dependency on all libraries used as you don't > know whether an update is security related. > > That said, I understand the structure. I don't like it, but I > understand it, given that it is primarily only intended to be used > within container/docker environments. > > Good luck trying to get it to play nice with a package manager though...
The other issue is a lot of upstreams for go don't do releases at all; you just grab everything live.A Does anyone know how third party go packages are being handled on other distros? The go language itself is easy because they do versioned releases. What I would want to know from other distros is, do they package third party go packages at all, and do they package packages that are just libraries? William
signature.asc
Description: Digital signature
