On Friday, December 27, 2024 at 6:41:08 PM UTC-6 Sean Liao wrote: The public module ecosystem is backed by a transparency log https://go.dev/ref/mod#checksum-database This doesn't allow you to reuse (change the definition of) any published module + tag combination observed by the proxy infrastructure.
Okay, that's neat, and not great, but fine. That problem can be ignored for now. I am correct in understanding this is like a blockchain then of md5sum like hashes? BUT NO CODE RIGHT? In other words, the module proxies and pkg.go.dev don't get feed from the transparency log, the code can still be purged. Allowing go-delete to purge the code is what is still needed. Some other solution can be designed to sidestep the existing signed checksums. The permanent existence of those could be useful anyway. As long as it's only storing the checksum for the namespace@version. So, again, please expose the functionality to delete things. jcarr -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/0ae16b7a-efb7-49ef-984f-e6fdcf20646bn%40googlegroups.com.
