You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Those are indeed pertinent questions to which I don't have answers 😄, which is in large part the reason for me raising this issue. The UI/UX around this is not clear.
I see go mod vendor at one end of the spectrum of solutions here: dependencies committed along with code. At the other end of the spectrum (possibly) is some tool where dependencies get reviewed, "signed off" and served by a controlled proxy.
I guess I sit somewhere in between - I don't want my dependencies committed along with my code, but equally I'm not Big Corp enough to go all-out with my own proxy.
It's entirely possible that the tool I have in mind could use go mod vendor under the cover without committing vendor/ - I haven't really given it much thought.
@ianlancetaylor apologies for the delay. There is really no further update to what's written above. There hasn't been any further discussion on this topic on golang-tools calls either. Might be worth closing for now therefore?