zlacker

[parent] [thread] 3 comments
1. pjmlp+(OP)[view] [source] 2025-08-22 14:08:35
Unless it made use of CGO and has dynamic dependencies, always is a bit too much.
replies(1): >>mdanie+Ke
2. mdanie+Ke[view] [source] 2025-08-22 15:29:28
>>pjmlp+(OP)
Or the import path was someone's blog domain that included a <meta> reference to the actual github repo (along with the tag, IIRC) where the source code really lives. Insanity
replies(1): >>pjmlp+Lg
◧◩
3. pjmlp+Lg[view] [source] [discussion] 2025-08-22 15:40:51
>>mdanie+Ke
I never understood the mentality to have SCM urls as package imports directly on the source code.
replies(1): >>mdanie+4t
◧◩◪
4. mdanie+4t[view] [source] [discussion] 2025-08-22 16:44:36
>>pjmlp+Lg
Well, that's the problem I was highlighting - golang somehow decided to have the worst of both worlds: arbitrary domains in import paths and then putting the actual ref of the source code ... elsewhere

  import "gopkg.in/yaml.v3" // does *what* now?

  curl https://gopkg.in/yaml.v3?go-get=1 | grep github
  <meta name="go-source" content="gopkg.in/yaml.v3 _ https://github.com/go-yaml/yaml/tree/v3.0.1{/dir} https://github.com/go-yaml/yaml/blob/v3.0.1{/dir}/{file}#L{line}">
oh, ok :-/

I would presume only a go.mod entry would specify whether it really is v3.0.0 or v3.0.1

Also, for future generations, don't use that package https://github.com/go-yaml/yaml#this-project-is-unmaintained

[go to top]