Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

About go.sum file submit repository #33

Open
dingdayu opened this issue Apr 20, 2020 · 2 comments
Open

About go.sum file submit repository #33

dingdayu opened this issue Apr 20, 2020 · 2 comments
Labels
question Further information is requested

Comments

@dingdayu
Copy link
Member

dingdayu commented Apr 20, 2020
edited
Loading

We continue to discuss whether go.sum is submitted to the repository.

I suggest to submit this file.

As @eslizn quoted Go official discussion on this issue:
https://github.com/golang/go/wiki/Modules#releasing-modules-all-versions

Related documents:

submit go.sum the reason:

  • reliance on version unification.
  • Provide package management dependent content verification in a distributed environment

Many open source projects are like this.
@huan
Copy link
Member

huan commented Apr 20, 2020
edited
Loading

Thank you very much for starting this discussion thread for whether we should commit the go.sum file.

other languages separate versions and dependencies.

I have to say that I can not agree with you on the above sentence because it seems that all languages are putting the versions and dependencies together.

For example:

In node, we have the versions in our dependencies file package.json:

    "wechaty-puppet": "^0.25.1",
    "wechaty-puppet-hostie": "^0.7.1",

In Go, we have the versions in our dependencies file go.mod:

	github.com/hashicorp/golang-lru v0.5.4
	github.com/otiai10/opengraph v1.1.1

And in Java, we have the versions in our dependencies file pom.xml

            <dependency>
                <groupId>io.grpc</groupId>
                <artifactId>grpc-protobuf</artifactId>
                <version>1.28.0</version>
            </dependency>

So I believe either go.sum or package-lock.json are trying to solve the other problem.

@huan huan added the question Further information is requested label Apr 20, 2020
@dingdayu
Copy link
Member Author

Thank you very much for starting this discussion thread for whether we should commit the go.sum file.

other languages separate versions and dependencies.

I have to say that I can not agree with you on the above sentence because it seems that all languages are putting the versions and dependencies together.

For example:

In node, we have the versions in our dependencies file package.json:

    "wechaty-puppet": "^0.25.1",
    "wechaty-puppet-hostie": "^0.7.1",

In Go, we have the versions in our dependencies file go.mod:

	github.com/hashicorp/golang-lru v0.5.4
	github.com/otiai10/opengraph v1.1.1

In Java, we have the versions in our dependencies file pom.xml

            <dependency>
                <groupId>io.grpc</groupId>
                <artifactId>grpc-protobuf</artifactId>
                <version>1.28.0</version>
            </dependency>

So I believe either go.sum or package-lock.json are trying to solve the other problem.

Oh yes, I think I need to modify my expression.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@huan @dingdayu