gin-gonic / gin

Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
https://gin-gonic.com/
MIT License

Gorilla Is a Hard Dependency that is now no longer maintained. #3647

Open duaneking opened 1 year ago

duaneking commented 1 year ago

It looks like https://github.com/gorilla is archived and no longer maintained.

Is it the intention of the gin contributors to assure that a rug-pull does not happen?

Description

Core dependencies used for session and other security management in Gin are used out of gorilla. But the gorilla frameworks themselves are now no longer maintained and are currently in an archived state.

How to reproduce

Read https://github.com/gorilla

Expectations

Dependencies are actively maintained.

Actual result

That doesn't seem to be the case. Well, it's perfectly OK for software to not have a maintainer. The big issue I have is that, if it's not being maintained, then what's going to stop it from getting rug pulled or removed randomly? As an engineer, I'm mentally trying to figure out what that looks like, because I'm trying to do mental math around dependency management for all my projects.

Environment

All.

arp242 commented 1 year ago

I don't see Gorilla being used by gin?

Also, some Red Hat people said they want to take over maintainership of gorilla, but that seems to be taking forever, because 🤷

duaneking commented 1 year ago

Gorilla is used by a LOT of gin, mostly in gin-contrib. But without that contrib, gin is a lot less useful.

codespearhead commented 2 months ago

It's been unarchived (see this comment from https://github.com/weaveworks/common/issues/272).

@duaneking Can you close this discussion?