Hacker News new | ask | show | jobs
by dilap 1990 days ago
> Thanks the "first principles" design of go mod, that's becoming increasingly unavoidable.

That's interesting, could you explain this more?

Context: I used to use Go a lot, but mostly haven't since Go modules, and I'm curious to know the details of the problem and why it happens.
1 comments
jacques_chester 1990 days ago
It doubles down on Go's assumption that git repository === a proper package/module system. It mixes up URLs and URNs.

If your git repositories aren't tagged just so, then go mod throws its hands up and simply invents a whacky snapshot version. Because it can't itself properly determine "earlier version" from "later version" on that snapshot, you often wind up with multiple snapshots from the same repo, not infrequently transmitted through other dependencies.

This is just jolly good fun when it turns out that your dependencies are pulling in incompatible versions of things. Since the official Kubernetes policy for downstream consumers is "we don't care about downstream consumers", it happens more quickly than one would expect.

As much as I have hated playing whack-a-mole with Maven or Bundler, I hate even more playing whack-an-adamantium-and-invisible-with-xray-eyes-mole against go mod.

link
enneff 1990 days ago
> you often wind up with multiple snapshots from the same repo

Either I’m misunderstanding you or you’re mistaken. You can’t have multiple versions of the same module in a go build.

link
neetle 1990 days ago
_Technically_ you're right. Go considers v0/v1 to be a distinct module from v2. Most people would consider this to be the same module, but Go doesn't. If you want to know more, you can go read the manifesto released by the maintainers about how this is "the best thing ever".

If you never tag v1, you'll never have to deal with it.

link
dilap 1990 days ago
Huh, interesting, thanks for the response.

Does that mean Kubernetes is not following the version tagging policy in its repos? That seems...surprising!

link
simiones 1990 days ago
The Go version tagging policy is a horrible idea for any multi-module git repo, especially one that releases both a product and some libraries.

It would mean that you need to create Go compatible tags for your library releases OR adjust your product versions to match Go's assumptions.

The whole implementation of Go modules is a shit show once you get into the weeds.

link
jacques_chester 1990 days ago
Kubernetes has its own tagging scheme, which makes perfect sense in its context.
link