-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFE] Generate list of bundled(golang(...)) if with_bundled is set and Godeps/vendor directory is present #42
Comments
Based on [1] "All packages whose upstreams have no mechanism to build against system libraries may opt to carry bundled libraries, but if they do, they must include Provides: bundled(<libname>) = <version> in their RPM spec file.". I would suggest to use Provides: bundled(golang(<importpath>)) = %{version}-%{shortcommit} or Provides: bundled(golang(<importpath>)) = %{version}-%{commit} In the former you can still get two identical shortcommits. So the second one is preferable. However, it will not correspond to any package that was/is/will be built in Fedora. |
hey @ingvagabund is this supposed to be the version/commit/shortcommit of the git repo of the bundled dep or is it supposed to be the version from the package you are building? |
|
As a golang package maintainer I would like to know which projects use bundled deps. So I can update all of them if there is a security issue or any other that is critical.
The long term plan is to build of golang projects from debundled dependencies. Which is not possible at the moment as with each update there is a risk of breaking project's API (a lot of upstream projects do not release, they only push new commits). What we can do at the moment is to minimize API breaking and to be more informative about which dependencies are used.
The text was updated successfully, but these errors were encountered: