Go Module Mirror FYI
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence https://socket.dev/blog/malicious-package-exploits-go-module-proxy-caching-for-persistence Go Module Mirror served backdoor to devs for 3+ years https://arstechnica.com/security/2025/02/backdoored-package-in-go-mirror-site-went-unnoticed-for-3-years/ Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence https://www.reddit.com/r/golang/comments/1ii6l00/go_supply_chain_attack_malicious_package_exploits/?rdt=54944 x/pkgsite: links can point at source code that may not match what is served by the module proxy #66653 https://github.com/golang/go/issues/66653 peter -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/83978680-fd31-476a-bc95-4381e992a2b0n%40googlegroups.com.
