Posts by Rory Campbell-Lange

3 publicly visible posts • joined 10 Mar 2008

Poisoned Go programming language package lay undetected for 3 years

Rory Campbell-Lange

How does Go deal with typosquatting?

Since I'm spending more time fiddling with Go, I was interested in how Go would deal with a malicious package once reported.

The answer is https://pkg.go.dev/vuln/ -- this issue is the third one down.

GO-2025-3451

Affects: github.com/boltdb-go/bolt

Published: Feb 05, 2025

The issues are reported by the govulncheck tool, which I guess should be part of most Go-related CI pipelines.

The source repo (github.com/boltdb-go/bolt) has also been disabled so it doesn't work for "go get" module retrieval.

'Lenny': Debian for the masses?

Rory Campbell-Lange

What was painful 6 years ago

Having run scores of Debian servers and laptops for the last 7 years, I'm intrigued to know why the writer considers that "our experience with Debian was not nearly as painful as when we first tried it out five or six years ago". The installation process, famously, can be generally described as pressing "enter" repeatedly and that has not changed in the interim, although hardware support has certainly improved.

Rory Campbell-Lange

NetApp changes name to NetApp

Rory Campbell-Lange

You need to read it in plan.

It's a dead end!