On Tue, Mar 07, 2017 at 07:13:38PM -0500, Michael Orlitzky wrote: > On 03/07/2017 07:02 PM, Patrick McLean wrote: > > > > You also need to recompile to get security bugs fixed. With go it's not > > just compiler options, it's also the standard library updates that need > > a recompile to get. > > > > If that's the reasoning, then don't you have the same problem with every > other library under dev-go? None of them are really needed at runtime, > but you would need to rebuild when they change to get security updates, > right? Correct, but see below.
> If all dev-go libraries wind up in RDEPEND solely to force rebuilds on > upgrades, why not do the same with the standard library (dev-lang/go)? They should not end up in rdepend at all since we only need them at build-time. I'm sure there will be more cleanup to do if packages have go libraries in RDEPEND. William
signature.asc
Description: Digital signature
