Great article. I was doing this before with Go projects and always did "go mod vendor", which downloaded all packages into a vendor folder. But now I let CI do it, as I like to keep the repositories small. You could achieve the same if your code relies on some stable registry cache that ensures over time that your vendor packages are reproducible.
pltvss|1 year ago