adds vendor directory

[bsdlp]

vendors dependencies in standard vendor directory, managed by glide

[pztrn]

As I can see you haven't ignored vendor directory contents and imported whole source tree of each dependency. This is a very bad practice and I will not accept this PR.

If you want to add dependencies locking and tracking you can take a look at tool that will be included in Golang: https://github.com/golang/dep.

[bsdlp]

on the contrary importing the vendor folder is very much an accepted best practice. it allows for repeatable builds.

golang/dep has its share of problems and while i look forward to the day when it is production ready, as of today (2017-05-15) golang/dep is in ALPHA

[pztrn]

Reproducible builds can be achieved without importing dependencies source code into repository by checking out required version (revision, etc.) of dependency. Glide (govendor, etc.) allows to do that. I do not want to make this repository to be megabytes of weight.

[bsdlp]

would you agree that even if the dependencies were not included in the vendor directory the user would need to pull down the same dependencies?

relying on a version pinned (but not vendored) by glide or other tool is not a guarantee that the build will be reproducible. see left-pad

[pztrn]

Of course, you also have to do some more things (like placing source of URTrator in specific directory). But pinned versions is enough for that. And, as you can see in blog post linked by you, failures was happened because someone unpublished his package and due to inability to use old package versions.

Making reproducible builds is planned, of course, but not like you proposed, because this will make repository be (eventually) measured in hundreds of megabytes, which is bad.