Ok, The package code in question looks like this: - import ( "context" "encoding/json" "flag" "fmt" "io" "log" "net/http" "net/http/httputil" "net/url" "os" "time" "github.com/go-oauth2/oauth2/v4/generates" "github.com/go-oauth2/oauth2/v4/errors" "github.com/go-oauth2/oauth2/v4/manage" "github.com/go-oauth2/oauth2/v4/models" "github.com/go-oauth2/oauth2/v4/server" "github.com/go-oauth2/oauth2/v4/store" "github.com/go-session/session" ) The problem as I see it, is that when the security of the code relies on a package is outside the main program/executable, it can open potential problems of code injection; code changes or forks or if the url has moved, how these issues could cause the collapse of the integrity of the software. Snot-bag
Am Mo., 5. Dez. 2022 um 13:05 Uhr schrieb Robert Engels < reng...@ix.netcom.com>: > The op is trying to say, they wrote the code using github.com/robaho/fixed > but then they decide they want to use a fork of fixed (maybe it is being > maintained better, performance enhancements, etc) but they don’t want to > change all of their code. > > Can they use a replace directive to point at the fork? > > I’m uncertain - because the package references in the fork would all need > to change ? (unless it used relative references which are discouraged). > > I think that is the problem. > > On Dec 5, 2022, at 5:36 AM, Brian Candler <b.cand...@pobox.com> wrote: > > This question makes no sense to me. If your code actually *uses* " > github.com/installed-package" then it will fail to build or run without > it. On the other hand, if it doesn't use it, then just remove the import > (the compiler will complain about unused imports anyway) > > I also don't know what you mean by "keep referencing" (you only need to > import it once in a given source file), nor the "security reasons" you > mention. > > Can you be more specific about what exactly you're trying to do? Can you > point to the real code in question? > > On Monday, 5 December 2022 at 10:46:17 UTC loji...@gmail.com wrote: > >> Hello Everyone, >> I would like to install a Golang Github package, but I do not want to >> keep referencing the installed package in the "imports" section of the code >> - for security reasons, and because I want my code to be able to run >> without those references. Does anyone know if there is a way to do this? >> >> For example: >> >> import ( >> "log" >> "net/http" >> "github.com/installed-package?" >> ) >> >> So, how can I remove the "github.com/installed-package" reference above >> and still be able to run the package? >> >> Regards, >> >> Snot-Bag >> >> -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/1a747ce2-8cbc-496d-a3bb-65211315e024n%40googlegroups.com > <https://groups.google.com/d/msgid/golang-nuts/1a747ce2-8cbc-496d-a3bb-65211315e024n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to a topic in the > Google Groups "golang-nuts" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/golang-nuts/JqHFwcFQDdI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > golang-nuts+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/3F50C814-566E-4C72-B836-D669130FFE8D%40ix.netcom.com > <https://groups.google.com/d/msgid/golang-nuts/3F50C814-566E-4C72-B836-D669130FFE8D%40ix.netcom.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAA8AC4UYo4hZ3-4KTGtoKkGsxu9VtZUBxaFjAwEYH9U8pdU7zg%40mail.gmail.com.
