I'm attempting to convert a project from govendor to dep. However, I'm finding one limitation in dep to make this impossible. In govendor, in the vendor.json file, I can have different packages from the same source have different revision hashes. Like this, for example:
{
"checksumSHA1": "iYT7abLMy0Vfyy8nwoDZYirLrI4=",
"path": "github.com/docker/docker/api/types",
"revision": "deed26f7f0f9a9d279b8ac99389f204d9063d1a4",
"revisionTime": "2018-03-29T10:06:29Z"
},
{
"checksumSHA1": "jVJDbe0IcyjoKc2xbohwzQr+FF0=",
"path": "github.com/docker/docker/api/types/blkiodev",
"revision": "88c0317e23449d6ff730a1073f240586cbdfd4ba",
"revisionTime": "2017-08-23T07:13:08Z"
},
However, when I solve this with dep init, the final .lock file seems to have picked the latest version:
[[projects]]
digest = "1:3101683c3a63814ac8fe12a61fa01b728340f647c484d71573a31f041a68e7bc"
name = "github.com/docker/docker"
packages = [
"api/types",
"api/types/blkiodev",
]
pruneopts = "UT"
revision = "deed26f7f0f9a9d279b8ac99389f204d9063d1a4"
Unfortunately, having every package under github.com/docker/docker at the same revision doesn't work for us at all. Trying to make them all one revision brings up an entire cascade of revision changes to other transitive packages that we simply cannot tolerate at this time. (This example is pruned down, we have a lot of packages under github.com/docker/docker, and those packages are pidgeon-holed into three or four different versions).
So the question is, can dep handle having packages from the same "name" with different revisions? If so, are we stuck forever with govendor? That would make me personally unhappy because govendor is... uh... challenging... (it's probably how we got into this bad place)
Thanks in advance for all the help!
