On Thu, Aug 17, 2017 at 09:54:43AM -0700, Eric Johnson wrote: > The compiler, at least, knows which packages were used to compile the > source. Even absent additional metadata from something like Gopkg.lock, the > compiler could still include info about the packages compiled into a > binary. Knowing that something might be vulnerable - but not knowing the > version from the executable - is still better than not knowing at all.
If the set of packages as described by their import paths is useful to you, you already get that today by calling nm (or 'go tool nm') on the binary. The printed list of symbols should give you a pretty good idea about the contents of a particular binary, just without explicit version information. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
