Posts by Rory Campbell-Lange

how does go deal with typosquatting?

Since I'm spending more time fiddling with go, I was interested in how go would deal with a malicious package once reported.

The answer is https://pkg.go.dev/vuln/ -- this issue is the third one down.

GO-2025-3451

Affects: github.com/boltdb-go/bolt

Published: Feb 05, 2025

The issues are reported by the govulncheck tool which I guess should be part of most go-related CI pipelines.

The source repo (github.com/boltdb-go/bolt) has also been disabled so it doesn't work for "go get" module retrieval.

What was painful 6 years ago

Having run scores of Debian servers and laptops for the last 7 years I'm intrigued to know why the writer considers that "our experience with Debian was not nearly as painful as when we first tried it out five or six years ago". The installation process, famously, can be generally described as pressing "enter" repeatedly and that has not changed in the interim, although hardware support certainly has certainly improved.

Rory Campbell-Lange

You need to read it in plan.

Its a dead end!