A few fundamentals to building a great packaging story.
http://nathany.com/go-packages/
--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
It would be great if the Go Authors specified and built a full-featured package manager for Go. It's not a requirement though.
A few fundamentals to building a great packaging story.
The language is very young and more important features are being worked on. If you think this feature is absolutely necessary then go for it. Go is open source, make it happen.
We are using it for a consumer mobile app and are excited with everything we can accomplish. It is the best tool for what we are using it for. Taking the time to incorporate this into our build process has been worth every minimal moment we have expended.
I hope others who are reading this topic don't walk away from Go or consider it a hobby language. It is a very powerful tool. Use it for your production apps.
outroot@ubuntu:~/dev/go-projects/src/rxmg$ source env/activate
goenv:rxmg outroot@ubuntu:~/dev/go-projects/src/rxmg$ ls env
activate pkg README.md src
He misses the point there. It's not the packaging mechanism
that matters. It's the quality control on the packages. This
is why CPAN is a success and PyPi (formerly Cheese Shop) is
full of junk. CPAN has tests and testing standards. PyPi is
just a link directory.
John Nagle
On Sun, Jul 28, 2013 at 03:48:25AM -0700, Philippe Lafoucrière wrote:
> Go is really nice and fun, and I like playing with it. Anyway, it won't be
> enterprise-ready (and yes, I know google is using it in production) until
> this package manager is available...
Yeah, that's nearly as bad as C or C++. No way anyone is using something
like that in the enterprise. Uhm …
I think its less about packaging. Make with extra programs does that fine when it comes to bundled resources.
Still (i am sorry) it comes down to versioning. It can be solved but not without some hassle. The superior simplicity of the "go" command only worsens the impression.
I am not proposing that the conflicting trans deps problem be solved but only that non-conflicting trans deps works.
*end bimonthly rant*
/Henrik
--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
I am not convinced the dependency problem can be solved.
-rob
I have spent the evening reading like a madman and I think I will adopt the "version by sub directory" approach as done by mgo and suggested by many on the list for my api breaking changes.
It was a tough pill to swallow but I think it is not bad at all now that I have gotten over the initial chock. :)
One thing I am curious about though is how dynamic linking will be handled when and if it gets implemented? How does gccgo do it?
I have spent the evening reading like a madman and I think I will adopt the "version by sub directory" approach as done by mgo and suggested by many on the list for my api breaking changes.
It was a tough pill to swallow but I think it is not bad at all now that I have gotten over the initial chock. :)
One thing I am curious about though is how dynamic linking will be handled when and if it gets implemented? How does gccgo do it?
On Aug 2, 2013 10:17 PM, "Jan Mercl" <0xj...@gmail.com> wrote:On Fri, Aug 2, 2013 at 9:44 PM, tomwilde <sedevel...@gmail.com> wrote:
> On Monday, July 29, 2013 11:29:01 PM UTC+2, Rob Pike wrote:
>>
>> I am not convinced the dependency problem can be solved.
>>
>> -rob
>
>
> We're free to redefine the problem in a solvable way, though.
If every problem could be reformulated in a solvable way then, of
course, 42 is the only correct solution ;-)
-j
--
You mean in case of a diamond? Damn, its late ill think on it some more.
I implicitly meant to use ample notification time of course but in essence the entire problem still remains since no matter how much heads up and gofix provided there will always be someone who does not have the time to adjust and they will be left behind. And making needless api changes will not happen.
That is really my main argument, choosing when to upgrade should be left to both the implementors as well as the users independently.
This sounds like what i used to say long before (other threads) but was turned down.
Roughly that each package declares its version and the versions of all its needed dependencies. Circular incompatible transitive dependencies should fail. I don't know why this has to be declared outside of the source code file(s) but it probably have to be in the compiled packages as well. I don't know the technical intricacies well enough wrt feks initialisation.
My last idea was mostly a somewhat exasperated grasping for straws. I really just want proper dependency management in line with the simplicity of the rest of the Go tools and idioms.
I get that this thing is a bit of hot potato but there are already several tools and workflows invented that does it to various degrees. What I want and I may very well be alone in this is a "go fmt" type "this is the tool for dependencies, period" tool to do exactly what you stated.
This sounds like what i used to say long before (other threads) but was turned down.
Roughly that each package declares its version and the versions of all its needed dependencies. Circular incompatible transitive dependencies should fail. I don't know why this has to be declared outside of the source code file(s) but it probably have to be in the compiled packages as well. I don't know the technical intricacies well enough wrt feks initialisation.
My last idea was mostly a somewhat exasperated grasping for straws. I really just want proper dependency management in line with the simplicity of the rest of the Go tools and idioms.
I get that this thing is a bit of hot potato but there are already several tools and workflows invented that does it to various degrees. What I want and I may very well be alone in this is a "go fmt" type "this is the tool for dependencies, period" tool to do exactly what you stated.
You are right of course it breaks down at that point and that is fine, then i know and can go on the hunt for another version or upgrade or whatever. What if the first package really doesn't work with a newer mgo? Wildcard versions sounds bad.
The thing is that we have the exact same problem now only there is no early warning. Things may very well compile nicely but have incompatible behavior that prohibits its usage without changes. Of course this can be thought of as part of not breaking backwards compatibility but it does happen.
At least the library users gets control over what gets used, information about conflicting dependencies and the library developer gets the freedom to change as needed in a new version.
I know that its not a go specific problem. I have lived with Maven for a long time, maybe that is my problem. Maven 1 was better in the dependency department since you had to declare all your dependencies transitively which was a bit of a pain but at least you knew what you got. This is by no means a deal breaker for me and i can manage somewhat since i have to my knowledge not had any issues with conflicting dependencies.
Ill simply have to try to not make any breaking changes and revisit the issue if the need arises.
On Fri, Aug 2, 2013 at 10:32 AM, Henrik Johansson <dahan...@gmail.com> wrote:
> Where is it proven to have these properties? Do you have any references?
Obviously infinite many of them exist. The most trivial form goes like:
a1->b1->c1
a1->d1->c2
On Friday, August 2, 2013 1:49:22 AM UTC-7, Jan Mercl wrote:
On Fri, Aug 2, 2013 at 10:32 AM, Henrik Johansson <dahan...@gmail.com> wrote:
> Where is it proven to have these properties? Do you have any references?
Obviously infinite many of them exist. The most trivial form goes like:
a1->b1->c1
a1->d1->c2Obviously bringing two different versions of the same code into the project is crazy. So we won't do that.This is very simple to handle -- if the strict dependencies imply two different versions of a library, then the tool fails. There is no solution. This is how tools I'm familiar with work.
The key thing is that you generally don't rely on a particular version -- you use on a range of versions. So maybe you get:a1 -> b{1, 2} -> c{1, 2, 3, 4}a1 -> d{1, 2 3} -> c{2, 3}And then the dependency resolution tool solves a constraint satisfaction problem and gets e.g. {d2, c3}. (After this you want to lock the dependencies in so anyone else working on the code gets the exact same versions -- this is what, for instance, Bundler uses Gemfile.lock for.)
Something like semantic versioning helps with this process -- if people follow the convention that they don't break APIs without major version changes, then you can generally specify dependencies like "at least 1.2.3 but in the same major version series".
-Caleb
On Fri, Aug 2, 2013 at 6:05 PM, Caleb Spare <ces...@gmail.com> wrote:On Friday, August 2, 2013 1:49:22 AM UTC-7, Jan Mercl wrote:
On Fri, Aug 2, 2013 at 10:32 AM, Henrik Johansson <dahan...@gmail.com> wrote:
> Where is it proven to have these properties? Do you have any references?
Obviously infinite many of them exist. The most trivial form goes like:
a1->b1->c1
a1->d1->c2Obviously bringing two different versions of the same code into the project is crazy. So we won't do that.This is very simple to handle -- if the strict dependencies imply two different versions of a library, then the tool fails. There is no solution. This is how tools I'm familiar with work.You might want to read the blog post and the associated doc :).
The problems below (and many more) are already addressed.
The key thing is that you generally don't rely on a particular version -- you use on a range of versions. So maybe you get:a1 -> b{1, 2} -> c{1, 2, 3, 4}a1 -> d{1, 2 3} -> c{2, 3}And then the dependency resolution tool solves a constraint satisfaction problem and gets e.g. {d2, c3}. (After this you want to lock the dependencies in so anyone else working on the code gets the exact same versions -- this is what, for instance, Bundler uses Gemfile.lock for.)
What if there is more than one solution? Which one do you pick?
What if the other guy on your team ends up having chosen a different set of also-legal versions?
How do you figure out which package maintainer to bug if your dependency chains are long and weblike and there are multiple sets of constraint changes that could make the problem soluble?
Something like semantic versioning helps with this process -- if people follow the convention that they don't break APIs without major version changes, then you can generally specify dependencies like "at least 1.2.3 but in the same major version series".I disagree, actually. Semantic versioning frees developers (especially those who aren't closely tied to their users) from having to think long and hard about making a breaking API change, because they can "just bump the major version number" and not break anyone. Well, it also means that every user of their package has to update now in order to get bug fixes, security patches, etc. It takes a lot of discipline to avoid this.
I disagree, actually. Semantic versioning frees developers (especially those who aren't closely tied to their users) from having to think long and hard about making a breaking API change, because they can "just bump the major version number" and not break anyone. Well, it also means that every user of their package has to update now in order to get bug fixes, security patches, etc. It takes a lot of discipline to avoid this.
I disagree, actually. Semantic versioning frees developers (especially those who aren't closely tied to their users) from having to think long and hard about making a breaking API change, because they can "just bump the major version number" and not break anyone. Well, it also means that every user of their package has to update now in order to get bug fixes, security patches, etc. It takes a lot of discipline to avoid this.