|
|
|
|
|
|
by microtonal
4875 days ago
|
|
|
Well, 'package' system is a big word. It does not have versioning, checksums, or signatures. An import of a package may bring in (1) a version that is API-incompatible; (2) a version that is API compatible but has new bugs; and (3) a version that has been trojaned/backdoored/whatever. The only solutions is doing your own package management in $GOPATH, tracking a bunch of Git/Mercurial repositories and finding out by hand which commits are sane and which are not. It's a disaster in the making, really. |
|
|