-
-
Notifications
You must be signed in to change notification settings - Fork 7.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide an extra zip/tar.gz release archive with Go vendoring included for reproducibility #2119
Comments
But I think we should just start do proper vendoring and this will be solved. |
Cc: @spf13 @ bep wrote:
Should we start by checking in vendor/vendor.json before the 0.16 release?
I think this would remedy the sad situation where https://github.com/spf13/hugo/archive/v0.15.tar.gz quickly became almost impossible to compile (within a month?) due to API changes in upstream packages. |
Is that a standard vendoring format used by all the vendoring tools? |
Good question, one that I hadn't thought of.
So it looks like it differs among various vendoring tools. |
And then there is Dave Cheney's GDB ... We should pick one, but not by random. |
For reference see Go best practices, six years in: Dependency Management. Random comments:
|
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Due to the dynamic nature of the Go library packages that Hugo depends on, our released source code in zip or tar.gz form could soon become unusable by the end user. For example, it is probably very difficult for an end user to build hugo v0.15 from source from https://github.com/spf13/hugo/archive/v0.15.tar.gz without going back in time for some dependencies. Even more difficult to re-create the exact same released v0.15 binaries from source.
I recommend providing an extra zip/tar.gz source archive with the vendoring information added, e.g., generated by the following commands:
using govendor from https://github.com/kardianos/govendor.
The text was updated successfully, but these errors were encountered: