FRESH

Hacker News

Home

Stop picking my Go version for me

53 points by ingve

by squiggleblaz

3 subcomments

>My package really does depend on the latest patch release!
> Even in the event that your packages code is only correct with a specific patch release, I still think its wrong to put that version in the go directive unless it cannot be compiled with any other version.
I'm not a go user, but this strikes me as an over-reaction. If your code is only correct with a specific patch release, then it really is your business to make that so. If someone downstream wants to use library_method_broadly_correct and not library_method_correct_only_with_latest, then downstream should patch your source to allow them to do something unsupported. That becomes their problem. If this is likely to be a significant problem that will affect many users, then this is a codesmell warning you that you've probably got two libraries which you're just jumbling together into one: the solution isn't to falsely gate a safe function behind a high dependency version, nor to falsely release a function to people who can't use it safely, but to publish each with its own requirements expressly stated.

by spbuilds

0 subcomment

The transitive dependency case is what makes this painful in practice. You’re not even choosing that library it’s three levels deep in your dependency tree, and suddenly CI fails because some maintainer ran `go get go@latest` on a Saturday.

by amiga386

2 subcomments

How your go.mod should look:
```
    go 1.24.0

    toolchain go1.25.7
```
"This module compiles with the language and runtime of go 1.24 and later, but I recommend you use at least go release 1.25.7"
go get can manage this for you - https://go.dev/doc/toolchain#get

by dherls

4 subcomments

The author fails to mention any of the negative effects they experience due to this go version selection. They say that the effect is "viral" but don't give any concrete examples of why it's a bad thing to keep your toolchain up to date

by cweagans

1 subcomments

In other ecosystems, I could see how this could be a problem, but I don’t think I’ve ever had a problem with a Go upgrade.
What’re the actual, practical results of a package pushing you towards a higher go version that you wouldn’t otherwise have adopted right away? Why is this actually important to avoid beyond “don’t tell me what to do”?

by cedws

0 subcomment

I've seen this misconception so many times in open source projects - commits just bumping the version in go.mod to 'get the latest performance and security improvements.' Like no, that's not how it works, you just made your code compile with fewer compiler versions for no reason.
I think the directive could have been named better though, maybe something like min_version.

by simonw

0 subcomment

I used to see supporting multiple versions of Python as an expensive chore... and then I learned how to use the GitHub Actions matrix feature and supporting multiple versions is suddenly easy - my test suites are comprehensive enough that if they pass I'm confident it will work on that version.
I expect this should work equally well for Go.

by OptionOfT

0 subcomment

Or, I have only tested my library on this version, and nothing lower.
> Even in the event that your packages code is only correct with a specific patch release, I still think its not always right to put that version in the go directive unless it cannot be compiled with any other version.
This just makes me shiver. Imagine releasing a library with a version number slightly lower because of this post, it compiles, but there is a bug that brings down production...
Thanks but not thanks.

by barelysapient

3 subcomments

This just got me. Datadog decided that they only support the current and last major versions of Go. So, 1.26 and 1.25. But in my cause we're still on 1.24.13 which was released by the Go team less than two months ago.
Datadog won't be getting a renewal from us.

by thiht

0 subcomment

My solution for this is just use the current latest, or latest-1. There’s no reason not to. If your code is somehow stuck with an old version of Go, it should be considered a high priority bug, this is not normal.

by g947o

0 subcomment

> The version is the minimum version your project can be compiled with.
Sure. But guess what, virtually nobody is going to find out what that "minimum version" is, and your blog post is not going to change that.
Just install the latest toolchain.

by cwbriscoe

0 subcomment

I always stay up with the latest go releases and if I am touching one of my packages that are set to lower in go.mod, I update it. It is an easy maintenance task to make sure I am keeping up with the latest standard library and tooling changes and improvements.

by erelong

0 subcomment

Could there be a user dialog prompt about the suggested version and some control flow that allows people to manually override during installation as a happy medium between these approaches

by oooyay

0 subcomment

> Its not your responsibility to ensure transitive importers of your library are on the latest version of Go. Don't make that decision for them.
and yet the Go maintainers did not include or build (in the future) a tool that determined the minimum version of Go that your application can be compiled in.

by phyzome

2 subcomments

Same situation in Rust crates, AIUI.

by bkdbkd

0 subcomment

Couldn't agree more.

by squirrellous

1 subcomments

Weird that this needs to be said. I’m not familiar with the Go ecosystem, but there is usually a natural incentive for library developers to reach more people, which means you’d want to support the oldest feasible version. If you don’t do that then someone will develop a better library which does support an older version. Is that not happening here?

by charcircuit

2 subcomments

>It is not the version you use to compile your project
But it is the version which they support. Pushing it back to an older version may result in bad behavior even if it does compile.

by Mawr

1 subcomments

> The version is the minimum version your project can be compiled with.
No, it's the minimum version my project is tested with.
> This means when you put a version like 1.25.7, you are deciding for everyone that imports you, transitively or directly, that they MUST be on Go 1.25.7+ to compile their project.
That is fine. This isn't Python or Java, you have no reason to ever be more than one version behind the current release. Just upgrade, it's painless.
> The fact that it defaults to the latest version is just a bad default that people should change.
Funny that: "cmd/go: change go mod init default go directive back to 1.N" https://github.com/golang/go/issues/77653