[lucian1900]

With the gigantic disadvantage of security updates requiring recompiling everything :(

[marshray]

I've never seen an organization that didn't do a full rebuild of every build product contained in each release anyway. Usually it's just faster and less error-prone to do a full rebuild than to recompile the minimal set of source files and relink.

[lucian1900]

If one uses dynamic linking, one can use (some) system-provided libraries, which will get security updates in the usual manner.

[marshray]

It looks like Go supports dynamic linking to "system" libraries. At least on MS Windows this https://code.google.com/p/go/codesearch#go/src/cmd/dist/wind... call to FormatMessageW http://msdn.microsoft.com/en-us/library/windows/desktop/ms67... would be to an implementation in Kernel32.dll that would receive security updates.

On Linux there's a large gray area for things like libexpat.so.1 that may or may not be linked dynamically. But libc is LGPL, so I expect it too would be linked dynamically.

[tptacek]

Yeah, true, each time that happens, it'll be 450ms of your life you'll never get back.