Hi all, I've been using go modules since 1.10. I am now on 1.11.5. Go mod verify is now failing since I went to go 1.11. Negative is old, plus is new.
-github.com/docker/docker v0.7.3-0.20180827131323-0c5f8d2b9b23 h1:Zl/9mUfPbYbnv895OXx9WfxPjwqSZHohuZzVcjJ5QPQ= +github.com/docker/docker v0.7.3-0.20180827131323-0c5f8d2b9b23 h1:mJtkfC9RUrUWHMk0cFDNhVoc9U3k2FRAzEZ+5pqSIHo= -github.com/hashicorp/go-rootcerts v0.0.0-20160503143440-6bb64b370b90 h1:9HVkPxOpo+yO93Ah4yrO67d/qh0fbLLWbKqhYjyHq9A= +github.com/hashicorp/go-rootcerts v0.0.0-20160503143440-6bb64b370b90 h1:VBj0QYQ0u2MCJzBfeYXGexnAl17GsH1yidnoxCqqD9E= I can "fix" this by simply removing the offending entries and allowing go mod tidy to repopulate them. However, that defeats the purpose of the go.sum, which is to say if a go mod verify has failed, then this should mean that the source code I thought I had no longer exists. What I am trying to figure out is if the way go calculates the hashes has changed and there was or is a bug in that *or *the source code for these two packages at the given git commit ID no longer matches the source code checked out on disk. The later is more concerning to me. Thanks, Joe -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
