
I think you're right that `go get -u` could be improved on by having some system where the community shares known incompatibilities. It seems like this early-warning system could be built on top of Go modules, though? It might end up being more elegant than what we have, where anyone can report an incompatibility without either module author being involved at first.

Another improvement might be having a way to say "give me just the security fixes".

At first this could be a new tool that you run instead of `go get -u`, so the Go team doesn't have to be the ones to start this project.

People who just want their code to work don't need to care about this. They can run `go get`.

There are always going to be people who just want stable code and repeatable builds, and others who are working on migrating the community to the latest code. (And they might be the same person at different times.) It seems like Go's module system might work pretty well at helping them collaborate while staying out of each other's way?




> "give me just the security fixes"

The Linux world solved this by providing a package repository that maintains stable versions of software. This requires a lot of time and effort.

Many software projects simply don't have the labor available to support multiple releases of software. They run tip of master and that's pretty much it.


> Another improvement might be having a way to say "give me just the security fixes".

It's already possible: https://github.com/golang/go/wiki/Modules

https://github.com/golang/go/wiki/Modules#how-to-upgrade-and...


Uh, I'm not sure why you're linking to that? Maybe I missed something. It doesn't seem to explain anything about library authors marking new versions as security fixes and querying for them, which is what I had in mind.



