Mikel Olasagasti venit, vidit, dixit 2025-01-20 08:02:18: > Hi, > > Go-SIG has raised a ticket with FESCo [1] to propose a significant > shift in Fedora's packaging approach for Go dependencies: moving to > vendoring/bundling by default. This would represent a major departure > from our current guidelines [2]. > > Given the potential impact, it was suggested that we bring this topic > to the devel-list for broader input and an open discussion. > > The rationale for this proposal stems from the increasing challenges > in maintaining Go dependencies under the current model, including > issues with timely reviews, dependency management, and the impact of > some "core" orphaned packages. Allowing vendoring by default could > help alleviate these bottlenecks and improve the stability of Go-based > packages in Fedora. I understand that these are challenges, and they are increasing because there are so many upcoming ecosystems which build their own distribution channels and tools, be it Go, Rust, Julia, even Python to some degree (think pip, conda and the like). And indeed, as Jan's reply shows, once we allow bundling in general for one language people will want it for other language ecosystems, and "rightly" so, at least as long as the same reasoning applies. Following the Go-SIG proposal would be the can-opener to deviate from our distribution model in general. I mean, if I can pull in a myriad of Go or Rust modules for my package to build (without individual review or re-review in case of changed dependencies), then why should I bother unbundling a library such as zlib, regex, openssl, ... ? There is a second point to that, and that is Fedora as a development platform (not just as an "app" platform). If we expect developers to install dependencies of their project via the ecosystem tools (pip, ...) locally (envs, containers) and "app packages" do the same during build then it is time to change the fundamental approach to our distribution and view it "merely" as a platform. I don't mean to connotate "merely" negatively - but the proposed change has impact overall, and we should *really want it* as a direction to go in generally. > If this proposal gains consensus, we could aim to implement the change > as part of Fedora 43, with the development phase used for migration > and retiring packages that may no longer fit within the updated > framework. How would packages "not fit"? By not bundling, i.e. by following our packaging guidelines so far? To put it differently: Do you intend to discourage/disallow "not bundling", or packaging dependencies? > On a related note, I recently highlighted how the introduction of > Golang 1.24 has caused significant breakage in over 200 packages [3], > an issue that underscores the urgency of addressing these challenges. How would bundling alleviate this issue? By assuming that all upstreams have adjusted to Golang 1.24 already so that you don't have to wait for package updates but just pull in with your package? Cheers Michael -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
