undefined | Better HN

0 pointsjjnoakes10y ago0 comments

What do you do when a dependency has a security problem? Or some other bug?

0 comments

Its generally unlikely those things lead to interface changes. e.g. func bcrypt(salt string, password string). Generally the bug isn't in the interface. So its somewhat safe to upgrade the dep and see if the compiler complains

Also exporting of interfaces is protected by case private()/Public() which leads to refined interfaces being exported. And the go vet tool expects all exported functions be documented.

Not saying a package manager wouldn't be nice.

jjnoakesOP10y ago

This didn't directly answer my question, but it implies that you just periodically update all of your dependencies to the latest versions and pray your tests pass with minimal changes required.

Yes?

Goopplesoft10y ago

The tools essentially causes that to happen (its a bad thing). When someone installs your package (and you don't pin them somehow with something like godeps, path management, http://labix.org/gopkg.in, etc) you recursively retrieve the deps from some source at HEAD and that package is now updated for every other package using that GOPATH.

1 more reply

j / k navigate · click thread line to collapse

0 comments

Goopplesoft10y ago

Also exporting of interfaces is protected by case private()/Public() which leads to refined interfaces being exported. And the go vet tool expects all exported functions be documented.

Not saying a package manager wouldn't be nice.

jjnoakesOP10y ago

This didn't directly answer my question, but it implies that you just periodically update all of your dependencies to the latest versions and pray your tests pass with minimal changes required.

Yes?

Goopplesoft10y ago

1 more reply

j / k navigate · click thread line to collapse