Re: [RFC] Go (golang) packaging

To: debian-devel@lists.debian.org
Subject: Re: [RFC] Go (golang) packaging
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 03 Jan 2013 12:17:09 +0100
Message-id: <[🔎] 87a9sqzfbe.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20130102212637.GA18077@grep.be> (Wouter Verhelst's message of "Wed, 2 Jan 2013 22:26:37 +0100")
References: <[🔎] x68v8dow53.fsf@midna.zekjur.net> <[🔎] CAKTje6H1ijosmhd1O23oU9QVhV_jjp3ocVoBXJDWXXfqsk1JaA@mail.gmail.com> <[🔎] x6fw2kop7h.fsf@midna.zekjur.net> <[🔎] CAKTje6G3V1NCPyKnZt7By=SyDcn_qh-kwnbSvEenJKKHMUCoVA@mail.gmail.com> <[🔎] CAJusiZWXPPfHZLNvecEFh0yiy8sMnSJTVQ8g1B+Dd-=0EYS4Og@mail.gmail.com> <[🔎] x64nj0ngow.fsf@midna.zekjur.net> <[🔎] 20130102120546.GA31352@gaara.hadrons.org> <[🔎] 20130102212637.GA18077@grep.be>

* Wouter Verhelst:

> Strictly speaking, if you're only using static libraries this is not
> really true; once you've compiled something against a static library,
> the static library might change in whatever way it sees fit, the
> compiled binary will continue to work, with or without recompilation. 

My main worry is that, for example, a fix in another, otherwise
unrelated dependency prompts a rebuild, and this picks up behavioral
changes which haven't been visible before, but lingering in the static
library.  Essentially, we end up with non-reproducible builds.

The way we currently do QA, it is important that we do not release
many packages with statically linked copies of outdated libraries.  We
wouldn't have much chance spotting the impact of such lingering
changes once they are materializing.  Non-reproducible builds are also
a software freedom issue (practically speaking).

Reply to:

Follow-Ups:
- Re: [RFC] Go (golang) packaging
  - From: Michael Stapelberg <stapelberg@debian.org>

References:
- [RFC] Go (golang) packaging
  - From: Michael Stapelberg <michael+debian@stapelberg.de>
- Re: [RFC] Go (golang) packaging
  - From: Paul Wise <pabs@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Michael Stapelberg <stapelberg@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Paul Wise <pabs@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Shawn <shawnlandden@gmail.com>
- Re: [RFC] Go (golang) packaging
  - From: Michael Stapelberg <stapelberg@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Guillem Jover <guillem@debian.org>
- Re: [RFC] Go (golang) packaging
  - From: Wouter Verhelst <wouter@debian.org>

Prev by Date: Re: Bug#696593: ITP: sun -- sun calculates the sun's rise/set times
Next by Date: Re: [RFC] Go (golang) packaging
Previous by thread: Re: [RFC] Go (golang) packaging
Next by thread: Re: [RFC] Go (golang) packaging
Index(es):
- Date
- Thread