[mrusme]

Some might not know this, hence I'm pointing it out: There's an ENV variable that you can set in your dotfiles [1] to make the Go tooling skip any proxy and instead access the the module's repository directly:

export GOPROXY="direct"

I've had this in my ENV for a long time, primarily because I don't agree with how the Go proxy operates. For teams/organizations, as well as CI environments it also makes sense to set up an own proxy [2] and use this variable to let the toolchain use that instead.

While this wouldn't have completely prevented this incident from having an effect, I would argue that it would have at least minimized the impact.

[1]: https://github.com/mrusme/dotfiles/blob/772f09615cdcac94fec9... [2]: https://github.com/goproxy/goproxy