[Bug 2376217] Review Request: openbao - A tool for securely accessing secrets


 



https://bugzilla.redhat.com/show_bug.cgi?id=2376217



--- Comment #20 from Dave Dykstra <dwd@xxxxxxx> ---
It will be easy enough to apply a patch this time because the el8/9/10 version
is almost up to date currently, plus it turns out that the update to the
released version of go required by openbao was updated from the el8/9/10
version very shortly before the release.  I will go ahead and make that change.
I will also try to persuade the openbao project to slow down its updates of
required go version.

However, I'm not sure this is a sustainable approach given the speed at which
golang is updated upstream vs when it is updated in el8/9/10.  The latter often
for months ships versions that are no longer supported by upstream golang.
Recent versions of go also insert their version into go.mod more frequently
than they used to, so dependencies are frequently requiring newer versions of
go. I am the release manager of apptainer and I work hard there to avoid
requiring a version of golang newer than el8/9/10 supplies, and I often have to
defer dependabot updates for many months when dependencies require newer
versions.  So I have first-hand experience with this situation and so far have
not run into any high-severity security updates in dependencies that make an
update urgent, but I don't expect that will always be the case.

I have not found this policy in the Fedora golang packaging guidelines; please
point me to it if I missed it. Also please tell me if it has been specifically
debated, and if not tell me how I can raise the issue for debate.  The go
source code tarball is not that big, only 30M, and the language is so efficient
that it can fully rebuild itself using an older version compiler in just a few
minutes, so I don't understand why this has to be a MUST requirement.

