undefined | Better HN

0 pointsnoja9y ago0 comments

So you install the go equivalents from your distro. If your distro doesn't have them, you vote for them to add them (or go through whatever process your distro has).

0 comments

alanctgardner39y ago

The repo maintainers are going to be on the hook to rebuild every dependency every time any package in the dependency chain changes. That sounds like a nightmare versus the current scenario where only one package gets revved when a library has a bug.

cyphar9y ago

If you have an automated build system (like OBS -- the Open Build System used by openSUSE) where dependencies are rebuilt automatically and security fixes can be pushed to maintainence automatically.

dcposch9y ago

Not every time a library changes, only every time one has a security bug.

nojaOP9y ago

So either the repo maintainers do it, or they stop being relevant (for this use case). Or someone else comes along to fill the gap.

j / k navigate · click thread line to collapse