Y
Hacker News
new
|
ask
|
show
|
jobs
by
simantel
340 days ago
Wouldn't this also be a problem for Go, which just imports from URLs (mostly GitHub) as well?
1 comments
jitl
340 days ago
The go imports use a Google-owned proxy for resolution which has a vulnerability facility. All golang package installs use the Google-owned proxy unless you set GOPROXY=direct when running go commands.
https://arc.net/l/quote/arrozgok
link
https://arc.net/l/quote/arrozgok