-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reduce dependencies #23
Comments
I did some research today, motivated by wondering if Go's linker could detect code from included libraries that's not actually called. It turns out the linker does have deadcode detection, but there are common patterns in popular libraries that cause deadcode detection to be disabled for many cases (see also golang/go#14840). This is something that would be great for the greater Go ecosystem to fix, but is probably outside the scope of sigstore-go specifically. |
See sigstore/sigstore-go#23. It might seem silly, but this reduces the size of sigstore-go by over 1 MB. We're already using asaskevich/govalidator elsewhere in Rekor, so no new dependencies added. If we wanted to remove go-playground/validator entirely from Rekor (which would shrink rekor-cli by over 1 MB as well), we'd need additional work to rekor-cli/app/ files pflags.go and validate.go. Signed-off-by: Zach Steindler <steiza@github.com>
See sigstore/sigstore-go#23. It might seem silly, but this reduces the size of sigstore-go by over 1 MB. We're already using asaskevich/govalidator elsewhere in Rekor, so no new dependencies added. If we wanted to remove go-playground/validator entirely from Rekor (which would shrink rekor-cli by over 1 MB as well), we'd need additional work to rekor-cli/app/ files pflags.go and validate.go. Signed-off-by: Zach Steindler <steiza@github.com>
See #23 This lets us reduce the size of the sigstore-go binary by over 4 MB, since sigstore/rekor/pkg/types has many dependencies.
See #23 This lets us reduce the size of the sigstore-go binary by over 4 MB, since sigstore/rekor/pkg/types has many dependencies. Signed-off-by: Zach Steindler <steiza@github.com>
Description
Tracking issue to coordinate on reducing the number of dependencies in the library.
A few thoughts so far:
The text was updated successfully, but these errors were encountered: