Module 'taken over' #2
This was referenced Nov 29, 2021
Thanks for the heads up. The fix for consumers would be to update their imports to use github.com/acobaugh/osrelease. You are correct, I changed my name from cobaugh to acobaugh for consistency across my personal accounts.
Thanks for the quick reply @acobaugh :) I will leave it up to you if this issue should be linked on the 'taken over' repo in some way or not.
oif pushed a commit to oif/node-problem-detector that referenced this issue Mar 4, 2022
For more details visit acobaugh/osrelease#2
oif added a commit to oif/node-problem-detector that referenced this issue Mar 4, 2022
For more details visit acobaugh/osrelease#2
souryogurt pushed a commit to cyberok-org/soldr that referenced this issue Dec 1, 2022
The author has moved the osrelease under another account. This causes the build to break. See acobaugh/osrelease#2
If you go to github.com/cobaugh/osrelease you can see that someone has created a cobaugh org to try to 'take over' the dependency (I am guessing since @acobaugh's old GitHub name was 'cobaugh').
If you use a Go proxy like proxy.golang.org then you will still be served the old code version and nothing will break, but if you don't, this will be a problem. From a security point of view, if you use the proxy or if you were using the dependency before the 'take over', this is also harmless since the go.sum entry will prevent you being served a malicious version of the code.
I don't think much can be done to fix things (unless either GitHub or the author of the take over repo wants to collaborate) but I wanted to post this here so it can be linked as an explanation elsewhere.
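Added example, not code from this thread or from the osrelease project: a standard-library Go check that a consumer could run over the text of go.mod and go.sum to see whether the project still requires the old path github.com/cobaugh/osrelease and whether go.sum pins that version. The type and function names are hypothetical, and the version string and hashes in the sample input are constructed placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// Audit records how a project refers to a module path that has been renamed.
type Audit struct {
	Version   string // version required in go.mod; "" if the path is not required
	ZipPinned bool   // go.sum holds the h1: hash of that version's source tree
	ModPinned bool   // go.sum holds the h1: hash of that version's go.mod
}

// AuditOldPath scans go.mod and go.sum text for the old module path.
func AuditOldPath(goMod, goSum, oldPath string) Audit {
	var a Audit
	for _, line := range strings.Split(goMod, "\n") {
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i] // drop comments such as "// indirect"
		}
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // single-line form: require <path> <version>
		}
		// Exactly two fields excludes replace lines ("<path> => <path> <version>").
		if len(f) == 2 && f[0] == oldPath && strings.HasPrefix(f[1], "v") {
			a.Version = f[1]
		}
	}
	for _, line := range strings.Split(goSum, "\n") {
		f := strings.Fields(line) // <path> <version>[/go.mod] h1:<hash>
		if a.Version == "" || len(f) != 3 || f[0] != oldPath || !strings.HasPrefix(f[2], "h1:") {
			continue
		}
		a.ZipPinned = a.ZipPinned || f[1] == a.Version
		a.ModPinned = a.ModPinned || f[1] == a.Version+"/go.mod"
	}
	return a
}

// Constructed sample input: the version and hashes are placeholders, not real values.
const oldPath = "github.com/cobaugh/osrelease"
const sampleVer = "v0.0.0-20200101000000-000000000000"
const sampleGoMod = "module example.com/app\n\nrequire (\n\t" + oldPath + " " + sampleVer + " // indirect\n)\n"
const sampleGoSum = oldPath + " " + sampleVer + " h1:PLACEHOLDER=\n" + oldPath + " " + sampleVer + "/go.mod h1:PLACEHOLDER=\n"

func main() {
	fmt.Printf("%+v\n", AuditOldPath(sampleGoMod, sampleGoSum, oldPath))
}
```

A result with Version set but neither pin present is the case the post describes as a problem for builds that do not go through a proxy; the consumer fix stated in the thread is to switch imports to github.com/acobaugh/osrelease.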