Track tasks and feature requests
Join 36 million developers who use GitHub issues to help identify, assign, and keep track of the features and bug fixes your projects need.
Sign up for free See pricing for teams and enterprisescmd/go: allow verifying vendored code #27348
Comments
FiloSottile
added
NeedsInvestigation
FeatureRequest
modules
labels
Aug 29, 2018
FiloSottile
added this to the Go1.12 milestone
Aug 29, 2018
FiloSottile
changed the title
cmd/go: feature request: verify vendored code
cmd/go: allow verifying vendored code
Aug 29, 2018
bcmills
referenced this issue
Oct 11, 2018
Closed
cmd/go: go mod vendor does not produce a consistent modules.txt #28102
bcmills
modified the milestones:
Go1.12,
Go1.13
Oct 25, 2018
bcmills
referenced this issue
Dec 3, 2018
Open
cmd/go: the vendor/ folder should be kept up to date if present #29058
bcmills
referenced this issue
Jan 30, 2019
Open
cmd/go: should default to use mod=vendor flag if the vendor folder exists #27227
This was referenced Feb 15, 2019
This comment has been minimized.
This comment has been minimized.
|
This is still on our radar, but probably not happening for 1.13. (We have a lot to do this cycle!) I'm hoping to get to it in 1.14, but we don't have a 1.14 milestone defined yet. |
bcmills
modified the milestones:
Go1.13,
Unplanned
Feb 15, 2019
stp-ip
added a commit
to stp-ip/caddy
that referenced
this issue
Mar 5, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
krancour commentedAug 29, 2018
go mod verifyis extremely useful for validating the integrity of modules in the local cache.It would be great if projects that choose to vendor their modules (then presumably building with
go build -mod vendor ...) had a similar command to verify the integrity of modules in that directory.This would satisfy a major requirement that many projects need to account for in their CI process-- ensuring that vendored code hasn't been tampered with.