Remove github.com/otiai10/copy dependency#2239
Remove github.com/otiai10/copy dependency#2239alexandear wants to merge 3 commits intocontainers:mainfrom alexandear:remove-otiai10-copy-dependency
Conversation
Signed-off-by: Oleksandr Redko <Oleksandr_Redko@epam.com>
|
LGTM |
mtrmac
left a comment
There was a problem hiding this comment.
Thanks!
I don’t feel strongly about the change itself.
It’s just… This is a unit test. It does not show up in any dependency of c/image. So why is it important to trim dependencies? To me, adding and reviewing extra ~55 lines of code for no end-user benefit seems like a bad trade. So what am I missing? Are there any negative effects of that dependency I don’t know about, which would also apply to other dependencies in the future?
|
@mtrmac The README indeed categorizes Adding to this, having fewer dependencies enhances the overall control we have on the application. Reviewing and adding 55 lines of code is a one-time task. But every extra dependency is an added layer of complexity, potential security risk, and another component that should be maintained and kept updated. We are simplifying the application maintenance process by trimming down dependencies, just as Rob Pike mentioned about keeping the dependency tree small (check video). https://medium.com/@cep21/aspects-of-a-good-go-library-7082beabb403 |
I mean… % cat foo.go
package foo
import "github.com/containers/image/v5/oci/layout"
func main() {
_ = layout.Transport
}
% go mod tidy && go mod vendor
% grep -lr 10/copy
./go.sumTest-only dependencies don’t really “infect” the consumer. |
mtrmac
left a comment
There was a problem hiding this comment.
The recent commits need to follow https://github.com/containers/image/blob/main/CONTRIBUTING.md#sign-your-prs .
(And eventually, please squash them into one.)
|
Actually, you're right. Test dependencies won't inflect customer since Go 1.18. Found this change Closing PR. |
This PR replaces usage of
copy.Copywith hand-writtencopyDirfunction. It's not worth keeping this dependency used only in tests.Yeah,
copyDiris not ideal, andcopy.Copyis much more powerful and covers many of OS's corner cases, but for tests it's good. In the future, we can return this dependency ifcopy.Copywill be needed for the prod code.