❦ 24 mars 2020 05:37 -05, Michael Lustfield:
>> > Kubernetes is already using Go modules. They happen to have decided to
>> > keep shipping a `vendor/` directory but this is not uncommon. It is
>> > often considered as a protection against disappearing modules. So, there
>> > is nothing to be done upstream. And BTW, there are currently 616
>> > dependencies, pinned to a specific version.
>>
>> I wonder if the existence of Software Heritage could convince them
>> disappearing modules aren't a problem, or if another service is
>> needed.
>
> I think this is a symptom of the tools being used. Using 'go vendor' is a
> documented step in nearly all golang-based "release tutorials." Most never even
> get as far as considering that maybe their source should have a version,
> because the toolset mentality is "download latest at build time."
With Go modules, that's not true anymore. It will use the minimal
version satisfying the minimal versions specified in go.mod.
--
Follow each decision as closely as possible with its associated action.
- The Elements of Programming Style (Kernighan & Plauger)
Attachment:
signature.asc
Description: PGP signature