[iforgotpassword]

> For every kilobyte of Go code available on GitHub, GitLab, and other Git forges, there are unknowable megabytes of private Go code that will never see the light of day (or maybe they will if LAPSUS$ decides to make that company a target).

> Without knowing what ports of Go are used, the Go team can’t make sure that the right time is spent on maintaining those ports.

Am I being overly pragmatic if not selfish for thinking this is absolutely fine? If you use a free tool behind closed doors to make money and don't want to opt-in to telemetry, then I couldn't care less if the go team doesn't make go work better for your use case. Meanwhile I'm developing my open source project with telemetry turned on, ?????, PROFIT.

[jonhohle]

i.e. there are 10s-100s of millions publicly available LoC, but we really need to see your private workflow without your consent.

[mariusor]

I remember people pointed out that Google already knows this, unless you go out of your way to use a company wide GOPROXY. Every time you sync your dependencies with go mod, you tell google what you're doing.

[str3wer]

also why mentioning a group of kids that bought stolen employee credentials and got arrested for it?

[richbell]

It's a joke referring to their practice of dumping companies' internal source code publicly.