Adam, the decision was made between Mathieu, Steve Langasek, and myself.
My understanding was that juju-core was let into yakkety, shortly before the release, with a vendorized golang-go.crypto. That went against the MIR requirements and should not have happened. This SRU attempted to undo the vendorization but would have introduced quite a bit of regression risk in yakkety due to the need to bump the snapshot in the yakkety archive.
I was ok with allowing juju-core to continue to vendorize golang-go.crypto only in yakkety since yakkety is an intermediate release and this mistake was present in yakkety-release. Also, I requested that golang-go.crypto be de-vendorized in juju-core in zesty and continue to not be vendorized in xenial since it is an LTS and we'll be supporting it for quite some time.
Adam, the decision was made between Mathieu, Steve Langasek, and myself.
My understanding was that juju-core was let into yakkety, shortly before the release, with a vendorized golang-go.crypto. That went against the MIR requirements and should not have happened. This SRU attempted to undo the vendorization but would have introduced quite a bit of regression risk in yakkety due to the need to bump the snapshot in the yakkety archive.
I was ok with allowing juju-core to continue to vendorize golang-go.crypto only in yakkety since yakkety is an intermediate release and this mistake was present in yakkety-release. Also, I requested that golang-go.crypto be de-vendorized in juju-core in zesty and continue to not be vendorized in xenial since it is an LTS and we'll be supporting it for quite some time.