Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upcmd/go: allow verifying vendored code #27348
Comments
FiloSottile
added
NeedsInvestigation
FeatureRequest
modules
labels
Aug 29, 2018
FiloSottile
added this to the Go1.12 milestone
Aug 29, 2018
FiloSottile
changed the title from
cmd/go: feature request: verify vendored code
to
cmd/go: allow verifying vendored code
Aug 29, 2018
bcmills
referenced this issue
Oct 11, 2018
Closed
cmd/go: go mod vendor does not produce a consistent modules.txt #28102
bcmills
modified the milestones:
Go1.12,
Go1.13
Oct 25, 2018
bcmills
referenced this issue
Dec 3, 2018
Open
cmd/go: the vendor/ folder should be kept up to date if present #29058
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
krancour commentedAug 29, 2018
go mod verifyis extremely useful for validating the integrity of modules in the local cache.It would be great if projects that choose to vendor their modules (then presumably building with
go build -mod vendor ...) had a similar command to verify the integrity of modules in that directory.This would satisfy a major requirement that many projects need to account for in their CI process-- ensuring that vendored code hasn't been tampered with.