Open duaneking opened 1 year ago
I don't see Gorilla being used by gin?
Also, some RedHat people said they want to take over maintainership of gorilla, but that seems to be taking forever, because 🤷
Gorilla is used by a LOT of gin, mostly in gin-contrib. But without that contrib, gin is a lot less useful.
It's been unarchived (see this comment from https://github.com/weaveworks/common/issues/272).
@duaneking Can you close this discussion?
It looks like https://github.com/gorilla is archived and no longer maintained.
Is it the intention of the gin contributors to assure that a rug-pull does not happen?
Description
Core dependencies used for session and other security management in Gin are used out of gorilla. But the gorilla frameworks themselves are now no longer maintained and are currently in an archived state.
How to reproduce
Read https://github.com/gorilla
Expectations
Dependencies are actively maintained.
Actual result
That doesn't seem to be the case. Well, it's perfectly OK for software to not have a maintainer. The big issue I have is that, if it's not being maintained, then what's going to stop it from getting rug pulled or removed randomly? As an engineer. I mentally trying to figure out what that looks like, because I'm trying to do mental math around dependency management for all my projects.
Environment
All.