Just some brainstorming.
Google uses and recommends vendoring in Go apps.
I’ve being using govendor and it is very clever. E.g.: It just copies the necessary files to the vendor folder (test files and others aren’t copied). Also, it flattens the vendor folder, if any dependencies also use it.
- Reproducible builds. Can compile older versions even if dependencies have breaking changes.
- Less issues on GitHub about Gogs not compiling because the user forgot to do
go get -u ./...
- More control dependencies updates. E.g.: xorm won’t break Gogs every week.
- Gogs repo will be bigger.