New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: Drop support for golang 1.2.x and 1.3.x #22
Comments
We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/105512206. |
+1 for removing old versions. In general, would it be an idea to only include the latest binary payload of the compiler binaries and make the other, well-defined set, download on demand? This could significantly reduce the total binary payload of the go build pack in cf-release which today is .5 GB (438,021,879). Only the PHP build pack is larger then the go build pack. |
The hiccup in Go is the Godeps/Godeps.json files that have very specific On Wed, Oct 14, 2015 at 10:17 AM, Gert Drapers notifications@github.com
Dr Nic Williams |
+1 for removing old versions. We can edit |
See related: tools/godep#297 and heroku#100 |
It looks like @kr is open to a PR to godep that would simply save I'll prioritize a story for that. |
It appears this issue was addressed in 61721ad (v1.7.0) |
Yes, thanks. This was released in v1.7.0. Apologies for not closing this out. |
Proposal to drop support for golang 1.2.x and 1.3.x
This issue describes a proposal to drop support for golang 1.2 and 1.3 from the Cloud Foundry
go-buildpack
. The community is asked to comment on this proposal.The Challenge
Under our current, informal, "skinny buildpack" policy, we do not deliver binaries that are no longer supported upstream, for some definition of "supported". Generally, "supported" means "will receive security updates."
According to this thread on the golang developer mailing list, only the current major branch will receive security updates.
This appears to be a "soft" policy, as 1.4.x received an update to 1.4.3 in September of this year to address a set of CVE vulnerabilities.
That said, it appears clear that 1.2 and 1.3 are no longer receiving security updates, and so could reasonably be declared "unsupported" by upstream.
The Proposal
We propose here simply to drop golang 1.2 and 1.3 support from the buildpack. Currently (v1.6.2 as of this writing on 2015-10-12), the buildpack vendors 1.2.1, 1.2.2, 1.3.2, and 1.3.3.
I'd like to implement this change no later than go-buildpack v1.6.4, or the end of October 2015.
How you can help
Please comment on this issue! If you're relying on golang 1.2 or 1.3 in production, we'd like to know how this is going to impact you. If you foresee challenges regarding upgrades to golang 1.4 or 1.5, we'd like to know.
Thank you!
The text was updated successfully, but these errors were encountered: