Re: Go Packaging Guidelines: What's next?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 29, 2015 at 11:38:59AM -0500, Adam Miller wrote:
> Hello all,
>     I've noticed that the Go (golang) Packaging Guidelines Draft[0]
> document has been stagnant for a while now and I'm curious what the
> next steps should be? Does this need to go through FESCo?

It shouldn't need to go through FESCo. See
https://fedorahosted.org/fpc/ticket/382 for current state.

>     Also, since Go is statically compiled by default is this something
> we need to get an exception from FESCo similar to OCaml[1]?

That's covered in the draft.

>     If there were to be some sort of approval for these bundled
> libraries, should there be a defined specification of which Go
> dependency managers are supported for sake of security response so
> that we can check for packages that need rebuilding when a
> vulnerability is found? What kind of changes would be necessary for
> build tooling there? (Maybe something in this area I'm not thinking
> of?)

Now, the bundling issue is an exciting kettle of worms — although the
problem of tons of unpackaged deps is not really that different from
Ruby or even Python or Perl. I think it's fair to say that the _idea_
of the current approach -- first package to require it generally needs
to do the work of getting the dependencies in too -- is geared towards
an eventual benefit to the _next_ packages, which will then find there
deps already nicely available. (Pain now, but globally reduced pain
later.)

-- 
Matthew Miller
<mattdm@xxxxxxxxxxxxxxxxx>
Fedora Project Leader
--
packaging mailing list
packaging@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/packaging





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Forum]     [KDE Users]

  Powered by Linux