Re: [PATCH v2 2/6] tools: introduce a data driven impl of virt-host-validate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Oct 01, 2019 at 01:33:34PM +0200, Bjoern Walk wrote:
> Daniel P. Berrangé <berrange@xxxxxxxxxx> [2019-09-27, 01:52PM +0100]:
> > +package main
> > +
> > +import (
> > +	"flag"
> > +	"fmt"
> > +	"github.com/spf13/pflag"
> 
> I don't like external dependencies like this at all. Not from a
> administrative POV (there are likely a number of build environments,
> including ours, that want to build libvirt offline) and not from a
> security POV (this reminds me of the npm-debacles we see every now and
> then).

This is an inaccurate view of Go build/dependancies.

Nothing prevents you building Go code offline. This is exactly what
Fedora does for all Go code. By default the Go toolchain will pull
from the upstream directly, but you can tell it to use locally
packaged source, or can pre-populate a cache of downloaded content.

As for external dependencies in general, libvirt.so already links to
60+ libraries right now. Using external dependancies is a good thing
because you are not re-inventing the wheel constantly, instead picking
a solution that is already robust & tested.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux