Re: Advice on vendoring for new package golang-github-uber-jaeger-client-go
Hi,
On Fri, Aug 4, 2023 at 6:33 AM Mathias Gibbens <gibmat@debian.org> wrote:
>
> Hi all,
>
> I'm slowly working through packaging new dependencies needed by the
> latest feature and future LTS releases of LXD (or possibly Incus, see
> #1042989), and I have made it up to golang-github-uber-jaeger-client-go
> (ITP #994083).
>
I didn't see lxd imports github.com/uber/jaeger-client-go. Did I miss something?
> The problem I've run into is that the library has been deprecated by
> upstream who aren't accepting any further changes except security
> fixes. Unfortunately it also vendors an old version of thrift (0.14.1)
> along with some generated source code. thrift is packaged for Debian,
> currently at version 0.17.0 in unstable. I tried to remove the vendored
> version of thrift and run `thrift-gen` at build time, but encountered
> errors when the newer version of thrift tried to parse the older files.
> There's also a pretty significant diff needed to fix various import
> paths throughout the library after that change.
>
We can also exclude thrift related code, if it's not needed by lxd. We
don't need to package all things.
> I don't know how much work it would be to fix the thrift source
> files, and I don't know if it would be worthwhile, seeing that the
> changes wouldn't be accepted upstream due to the deprecated status of
> this library.
>
> Policy Section 4.13 says we shouldn't include embedded copies of
> code, especially if it's already in the archive, but I wonder if this
> might be a situation that warrants an exception and note in the
> package's d/README.source.
>
> Thoughts or suggestions welcomed!
>
> Thanks,
> Mathias
--
Shengjing Zhu
Reply to: