It looks like https://github.com/gorilla is archived and no longer maintained.

Is it the intention of the gin contributors to assure that a rug-pull does not happen?

Description

Core dependencies used for session and other security management in Gin are used out of gorilla. But the gorilla frameworks themselves are now no longer maintained and are currently in an archived state.

How to reproduce

Read https://github.com/gorilla

Expectations

Dependencies are actively maintained.

Actual result

That doesn't seem to be the case. Well, it's perfectly OK for software to not have a maintainer. The big issue I have is that, if it's not being maintained, then what's going to stop it from getting rug pulled or removed randomly? As an engineer, I'm mentally trying to figure out what that looks like, because I'm trying to do mental math around dependency management for all my projects.

Environment

All.

Comment From: arp242

I don't see Gorilla being used by gin?

Also, some Red Hat people said they want to take over maintainership of gorilla, but that seems to be taking forever, because 🤷

Comment From: duaneking

Gorilla is used by a LOT of gin, mostly in gin-contrib. But without that contrib, gin is a lot less useful.

Comment From: codespearhead

It's been unarchived (see this comment from https://github.com/weaveworks/common/issues/272).

@duaneking Can you close this discussion?