Hacker News new | ask | show | jobs
by christophilus 2737 days ago
What bothers me most about it is the lack of a checksum, which is something Go modules support. I think that’s a mandatory feature to prevent certain attack vectors. Other than that, I have no problem with this approach.
1 comments
piscisaureus 2736 days ago
Package validation (using a checksum or signature) is definitely on our radar. We just haven't gotten around to it yet.
link