google/exposure-notifications-verification-server

go mod vendor

marekaf opened this issue · 1 comments

Question

Hi,
I was wondering what is your opinion about vendoring go dependencies using go mod vendor?

We are trying to follow this upstream's go styleguide and wondering if we should vendor or not. Our main motivation for vendoring is being able to build our project anytime in the future.

Thanks!

With Go 1.15+ and the module cache, vendoring is much less important. However, if you want total control over your current and future builds, vendoring may be a good choice for you.

Since this decision isn't unique to this project, it may be better to ask on the core Go project. I also found some helpful opinions on Stackoverflow. Ultimately this is a decision your organization makes to balance a number of factors.