Lift You Own Dependencies

I’ve just stumbled upon this issue

And if I get this right, these guys are the authors of Gopkg.toml and Gopkg.lock formats that are used by Tidelift to analyze dependencies.

I wanted to see how many repositories on GitHub contain this file, but GitHub search is broken, becase the query “autogenerated path:/ filename:Gopkg.lock” doesn’t return even dep's own Gopkg.lock.

Now, what is the process to push this forward?
How many Lifters are currently using this format to keep track of their dependencies?

Thanks for bringing this to our attention @abitrolly! I would have completely missed it.

I’m a little unclear how we could push this forward. We are actively working on our Golang support (it’s still in beta), but I believe they could sign up to become lifters for the package on Tidelift; however, I don’t think any of our subscribers have signed up with applications written in Golang yet and we are still working to find packages to join the platform.

Did you have anything specific you were imagining?

Yes. I think it would be appropriate if somebody from Tidelift invited @kevinburke (or the whole project - I am not sure how it works) here https://github.com/golang/dep/issues/2165 and then it would be good if Tidelift itself subscribed to them. This is what I meant by “lift your own dependencies” topic title.

1 Like