Don't just vendor - rebuild the ecosystem and persuade the vendor to work on software management ...
Don't just vendor - rebuild the ecosystem and persuade the vendor to work on software management ...
Posted Jan 28, 2025 4:31 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)In reply to: Don't just vendor - rebuild the ecosystem and persuade the vendor to work on software management ... by champtar
Parent article: Vendoring Go packages by default in Fedora
You don't need that! You can use `go mod download` to pre-download the dependencies into the local cache (packaged into the same tarball). And they can still be cryptographically verified during the build (`go mod verify`), so the integrity guarantees are not affected.
And all of this can be done for all the supported platforms from any supported platform, cross-compilation is a built-in feature of the toolchain. Go is really an example of how to make the ecosystem pleasant to use.
Posted Jan 28, 2025 22:30 UTC (Tue)
by ibukanov (subscriber, #3942)
[Link]
Don't just vendor - rebuild the ecosystem and persuade the vendor to work on software management ...