New comment by kaey on void-packages repository

https://github.com/void-linux/void-packages/pull/28825#issuecomment-799257479

Comment:
> So, Go 1.16 seems to be behaving very weirdly
> 
> See https://gist.github.com/Foxboron/94163c11a2c43ab523d3bc5597e4c49d
> 
> And from IRC:
> 
> ```
> 2021-02-23 12:01:55     ericonr Foxboron: what exactly am I looking at? are the results different just because of the command you used?
> 2021-02-23 12:02:03     Foxboron        ericonr: Yes
> 2021-02-23 12:02:43     Foxboron        ericonr: It's intended. -buildmode=pie uses another codepath that doesn't always include cgo. That introduces a 2 year old bug nobody has figured out where sometimes Go decides to not include CGO even if requested.
> 2021-02-23 12:03:01     Foxboron        The workaround is to always use -ldflags=-extldflags. But you can't win that fight with GOFLAGS since the parser is broken
> ```

`ldflags` in this example are incorrect. it should be `-ldflags=all=-linkmode=external`.
In any case FORTIFY_SOURCE is completely useless for pure go binaries (which fzf is) and RELRO is useless (IIUC) for static binaries, which is again true for pure go binaries.