I don't see why we want this - the default behavior here is sane and correct :)

I don't see why we want this - the default behavior here is sane and correct :)

Then we should be removing vendorSha256 = null; from packages and docs?

I don't see why we have implicit and explicit method for the same thing?

Hmmm - how would you rephrase the docs - "if upstream has a working vendor folder, don't set updateSha256"?

I like the explicit variant better. Most of the time one has to set vendorSha256 and not setting it might lead to harder to understand errors.
If it is missing however one will look up in the documentation what this checksum is about.

Okay - then lets merge.

@ofborg eval

Derp - just found a bug with this. If this is required, you have to set

vendorSha256=null
modSha256="..."

So we're breaking existing users of modSha256 :(

vendorSha256 has been in master for a month now and we're removing modSha256 for the next release anyway, do we want it fixed or should we leave it and remove the modSha256 code?

Mhm. I think we should keep in support for modSha256 so people can add both checksums in packages they want to build for 20.03 and master. This makes transition easier. I have seen this scheme in NUR. Most people that are currently on master also should have migrated to vendorSha256 by now.

I think we should keep in support for modSha256 so people can add both checksums in packages they want to build for 20.03 and master.

In #90217 I've cherry picked the vendorSha256 changes (without the warning) so they can be used on 20.03.

Doesn't look like vendorSha256 is in the manual yet, I've been having to look through issues for guidance on how to keep my own projects building. Is there an issue tracking that?

https://github.com/NixOS/nixpkgs/blob/master/doc/languages-frameworks/go.xml#L39

vendorSha256 in in the docs, not sure why the manual hasn't updated.

I'm guessing the manual is only built from stable?