Skip to content

Review proposed Golang ecosystem changes #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mkonda opened this issue May 1, 2019 · 3 comments
Open

Review proposed Golang ecosystem changes #13

mkonda opened this issue May 1, 2019 · 3 comments
Assignees
@mkonda

Comments

@mkonda
Copy link
Collaborator

mkonda commented May 1, 2019

https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md
@mkonda mkonda self-assigned this May 1, 2019
@mkonda
Copy link
Collaborator Author

mkonda commented May 1, 2019

golang/go#25530

@mkonda
Copy link
Collaborator Author

mkonda commented May 1, 2019

Specific comments:

  1. The go.sum concept is useful in
  2. The go distributed source ecosystem (eg. github repos) is usefully decentralized.

But:

  1. I don't see any clear authentication of developers
  2. I don't see a security alerting mechanism
  3. No MFA
  4. No security alerting process

Basically none of the Tier 2 items we are talking about are really addressed in this proposal.

@mkonda
Copy link
Collaborator Author

mkonda commented May 1, 2019

golang/go#25530

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mkonda mkonda

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mkonda