Andrew Lee <[email protected]> writes: > On Wed, Mar 4, 2026 at 2:02 AM Arnaud Rebillout <[email protected]> wrote: >> I'd think a little code vendoring can be better than a circular >> dependency. In this particular case, the maintainer of this package >> knows best. > I would like to share my experience when I deal with circular > dependency while updating golang-google-api and go-google-cloud > packages. > > 1. Use vendoring to bootstrap both binary packages. > 2. Put these binary packages into a local repo where allows pbuilder > or sbuild to use. > 3. Do the clean and proper way to updating the package without > vendoring but use the local repo in pbuilder or sbuild. > 4. Replace the vendoring binary packages with clean packages in the local > repo. > 5. Rebuild the package with clean binary packages. > > This way I can always skip the circular dependency locally. After I > cleanly updated and built the package, do binary upload first and then > source upload.
Even better if that bootstrapping is part of debian/rules and explained in debian/README.source so others can reproduce it. /Simon
signature.asc
Description: PGP signature
