On Tue, Aug 5, 2014 at 5:18 PM, Rob Figueiredo <
rob...@gmail.com> wrote:
>>
>> What happens when some user go gets a project which developer
>> published at, say github and the developer uses this tool to make the
>> project dependent on locked down versions of other publicly accessible
>> (ie. go get accessible) repositories/packages which have been
>> meanwhile updated?
>>
>
> Hah, I knew you would find a way sneak in the "but resolving versions is
> undecidable" comment.
No, that one is still in queue ;-)
> This is just a tool for recording and updating packages in your GOPATH. Its
> use case is not for the small open source projects, it is for the large
> (probably) closed source projects. It also does not address publishing
> libraries that are consumed by other parties -- that can be done as usual
> using the hope-for-the-best policy.
>
> If the build works on your local machine with the current versions of
> everything in your GOPATH, then you can record that and allow other
> developers to have the same environment.
>
>
>>
>> What will such user end with at his local machine after plain old go
>> get
github.com/dev/proj?
>>
>
> The same thing that happens you "go get" anything else. They would end up
> with that project in their GOPATH, using whatever cocktail of other packages
> happen to also be there.
Even though there are cases where it might work, I'm glad that we now
agree that it cannot work in the general case. And while talking about
general cases: It cannot work also for the (big, proprietary etc.)
case when (internal, proprietary, closed) project C depends on other
internal projects A and B if A and B use GLock and both depend on
whatever D, but in different/incompatible versions of D. Then glock
sync will attempt to checkout conflicting versions of D in different
moments. It can probably even sometimes silently change the semantics
of C's operations.
And finally, here it goes: It's because resolving version conflicts
can be either automatic or correct. Pick one.
-j