On Friday, December 27, 2024 at 6:56:00 PM UTC-6 Jeffery Carr wrote:

On Friday, December 27, 2024 at 6:41:08 PM UTC-6 Sean Liao wrote:

The public module ecosystem is backed by a transparency log 
https://go.dev/ref/mod#checksum-database 
This doesn't allow you to reuse (change the definition of) any 
published module + tag combination observed by the proxy 
infrastructure. 


If what you are saying is true, and this is truly immutable like a 
blockchain, then this is bad. Whoever is working on it will want to 
immediately work on fixing that. I won't go into the nefarious reasons 
here. Let's just say it's going to have to be fixed.

Cryptographically signing this is bad. 
