A question has been bugging me for the past few weeks. How can I tell what was used to build a Go application?
As I see various security notices scrolling by my email inbox, I see things like Tomcat or OpenSSL announcing security updates, the JRE, or for that matter, Go itself. Once I see one of those alerts, frequently I want to be able to ask, "are the systems I administer affected?" For a first approximation, StackOverflow says: https://stackoverflow.com/questions/18990242/find-out-the-version-of-go-a-binary-was-built-with But that doesn't appear to work with the first Go executable I tried (on macOS). Version of Go is a start, but it would also be great to know the packages. After a point, I don't expect many ongoing security issues with the Go standard library, but I do expect to see more problems with the supporting packages, so I want to know those, too! If I know the packages, even better if I can know the versions of those packages, or perhaps the version control commits? Is this a known planned feature? Is there an existing way to do this that I've overlooked? Eric. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
