
Gorilla Is a Hard Dependency that is now no longer maintained.

Open duaneking opened this issue 2 years ago • 3 comments

It looks like https://github.com/gorilla is archived and no longer maintained.

Is it the intention of the gin contributors to assure that a rug-pull does not happen?

Description

Core dependencies used for session and other security management in Gin are used out of gorilla. But the gorilla frameworks themselves are now no longer maintained and are currently in an archived state.

How to reproduce

Read https://github.com/gorilla

Expectations

Dependencies are actively maintained.

Actual result

That doesn't seem to be the case. Well, it's perfectly OK for software to not have a maintainer. The big issue I have is that, if it's not being maintained, then what's going to stop it from getting rug pulled or removed randomly? As an engineer, I'm mentally trying to figure out what that looks like, because I'm trying to do mental math around dependency management for all my projects.

Environment

All.

duaneking, Jun 16 '23 17:06

I don't see Gorilla being used by gin?

Also, some RedHat people said they want to take over maintainership of gorilla, but that seems to be taking forever, because 🤷

arp242, Jun 30 '23 02:06

Gorilla is used by a LOT of gin, mostly in gin-contrib. But without that contrib, gin is a lot less useful.

duaneking, Jul 03 '23 19:07

It's been unarchived (see this comment from https://github.com/weaveworks/common/issues/272).

@duaneking Can you close this discussion?

codespearhead, Jul 15 '24 17:07