When I first read this thread I assumed the go download was using some
standard tool similar to mvnw or gradlew which download and cache a copy of
the respective tool on use, with md5sum checks and such to verify the
download before use.

But that doesn’t seem to be the case here, the script checks for arm vs
amd64, Linux vs Mac, and then fetches and untars the go distro into tmp.
There is no verification of the download.  The only check is if curl
returned non 0.

I did some google searches and while
there does exist a “gow” tool, it does not seem to be maintained and also
seems to not be in widespread use within the go community.

So while it would be nice to keep things such that someone just runs ant
and gets everything built, given this does not seem to be a standard method
of dealing with a go install in build scripts, I would suggest we stop
doing it.  It looks to be very simple to install  Go, so maybe switch to
telling someone how to install it if it is not found, as well as giving
them the setting to disable that artifact.

-Jeremiah

On Mon, Apr 28, 2025 at 1:49 PM Brandon Williams <dri...@gmail.com> wrote:

> On Mon, Apr 28, 2025 at 12:19 PM Jon Haddad <j...@rustyrazorblade.com>
> wrote:
> >
> > I strongly prefer we didn't install things on users systems they didn't
> ask for.
>
> I agree with you, and it also doesn't make sense to install go for one
> small thing, but depend on (not install) python for a lot more things.
> If we aren't willing to install python why are we installing go?
>
> Kind Regards,
> Brandon
>

Reply via email to