On Tue, Dec 13, 2016 at 4:26 PM, Jay Pipes <jaypi...@gmail.com> wrote: > Not sure if it's already been brought up, but I really like govendor:
Govendor and glide are the two most promising candidates at this point. I just read today's summary of the Package Management Committee [0] and that sounds _really_ promising, if further out than we can wait on, but there will be migration paths from many of the existing tools. Both govendor and glide have devs in the Advisory Group to the committee. > More than the decision between dependency management toolkits, though, is > the decision over whether to have *any* vendored source code in the primary > project's source tree itself (as opposed to only storing the > vendor.json/glide.yaml|lock file that lists dependent library versions and > locations). Please let's have a policy of keeping vendored source code *out* > of the primary project source tree. This is the intention and I see no reason why it is not achievable. It totally depends (ha!) on having better (any!) dependency management in place. One thing that I have been pondering is resurrecting the old technique of embedding version info into binaries so they can be examined to discover which library versions were used in its build. This was totally a thing when I was using rcs ($Id$ and ident(1) FTW) but that particular technique is messy with distributed version control, and may not be needed at all in a packaged distro environment. This may, however, help ease the concerns many have around static linking of libs. dt [0] https://blog.gopheracademy.com/advent-2016/saga-go-dependency-management/ -- Dean Troyer dtro...@gmail.com __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev