Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Discontinue use of inputs-digest in Gopkg.lock #1496
Basically, a list of all the imports, constraints, overrides, requireds, and ignoreds.
There are a few reasons why relying on an explicitly-recorded hash digest for this is suboptimal:
To do this, we'll need to write some new general gps functions for checking if a lock is acceptable with respect to an input set, and probably tweak a bunch of our comparison logic. idk the full extent of it right now - i have to dig a bit. But, we need to do this.
To be clear, there's still potential value in these inputs hash digests, mostly around the possibility of pushing some computation to an edge cache, and/or enabling some prefetching or pipelining of data from upstream sources. But using it for this particular local-only check is just bad, and we need to stop.
Here's a list of the checks that we would need, as discussed in the last maintainer's meeting:
Any corrections, additions or questions about the checks are welcome.
It causes merge conflicts because it is the single hottest point of merge
Let's say I clone a project and I run
Even then, it is still a big leap of faith to say that if these values match
I'd suggest doing one of the following.