Comment by vzaliva

1 month ago

I am not a golang user. If I install as recommended via the `go` command on Linux, how do I make sure it is updated when new versions are released? I wish it had a .deb package.

> I wish it had a .deb package.

Generally speaking, the Debian package management system is really not a place I would look for prompt updates when new versions of software are released.

  • You might be confusing the .deb package format with the release cadence of the Debian Stable distribution.

  • Why not? It works roughly the same as any other binary distribution format. Given that the project is written in go, it's also unlikely to have many dynamically linked dependencies.

“go install” does not have an update mechanism. I imagine most people using it would consider such an anti-feature; it is not a package manager.

I certainly don’t want programs I “go install” to change underneath me without notice or review. That’s basically handing ownership of your computer to a remote developer.

  • > That's basically handing ownership of your computer to a remote developer.

    System / application package updates??

    • Compare the security resources of the median OS publisher with the median go package publisher.

      An OS update from Debian, Apple, or Microsoft is not the same thing as a new version tag on a random go CLI app made by one person (or even a team of people).

      Furthermore, while it is becoming much more common for OS package managers to autoupdate apps, it still isn’t the default state of affairs for most apps. OS updates are a different matter.

      In any case, even without these comparisons, handing RCE to 20 organizations/developers/publishers is worse than handing it to 1 or 2.
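
Added example, not written by any commenter in this thread: since `go install` has no update mechanism, one way to notice new releases without auto-updating is to read the module version embedded in each installed binary with `go version -m` and compare it with the latest published version, then upgrade by hand to a pinned version after review. The sample paths and module names are constructed, and `sample_buildinfo`, `parse_buildinfo`, `latest_of` and `report_outdated` are names chosen for this sketch.

```shell
#!/bin/sh
# Added example: report go-installed binaries that are behind the latest release.
# Nothing is upgraded automatically; the output is a prompt for manual review.

# Constructed sample of `go version -m` output (hypothetical paths and modules).
sample_buildinfo() {
    printf '%s\n' '/home/u/go/bin/tool: go1.22.1'
    printf '\t%s\t%s\n' path example.com/tool/cmd/tool
    printf '\t%s\t%s\t%s\t%s\n' mod example.com/tool v1.2.0 h1:CONSTRUCTED=
    printf '\t%s\t%s\n' build -buildmode=exe
    printf '%s\n' '/home/u/go/bin/local: go1.22.1'
    printf '\t%s\t%s\n' path example.com/local
    printf '\t%s\t%s\t%s\n' mod example.com/local '(devel)'
}

# Read `go version -m` output on stdin; print "binary package module version".
parse_buildinfo() {
    awk -F'\t' '
        $1 != ""     { bin = $1; sub(/: [^:]*$/, "", bin) }  # header: "<file>: go1.x"
        $2 == "path" { pkg = $3 }                            # main package path
        $2 == "mod"  { print bin, pkg, $3, $4 }              # main module + version
    '
}

# Latest published version of a module (network lookup; hypothetical helper name).
latest_of() {
    go list -m -f '{{.Version}}' "$1@latest" </dev/null
}

# Read parse_buildinfo lines; print one line per binary not at the latest version.
report_outdated() {
    while read -r bin pkg mod ver; do
        case $ver in ''|'(devel)') continue ;; esac   # local builds carry no release version
        latest=$(latest_of "$mod") || continue        # unreachable or private module: skip
        [ "$ver" = "$latest" ] ||
            echo "$bin $ver -> $latest (review changes, then: go install $pkg@$latest)"
    done
}

# Real use (needs the go tool and network access):
#   go version -m "$(go env GOPATH)/bin" | parse_buildinfo | report_outdated
```

Installing with an explicit version (`pkg@v1.3.0`) rather than `@latest` keeps the upgrade tied to the release that was actually reviewed.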