Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
cmd/go: try next proxy if dial proxy failed #32253
if we got dial error when using the proxy lists, we should try next proxy. Now only 404 and 410 will try next proxy.
We can wrap dial op error as a
As default lists
My personal preference is not to try the next proxy if the first proxy fails or isn't reachable - so the user knows the failure situation and chooses to explicitly opt out to the next proxy or gets alerted.
If we fallback to the next proxy silently in case the first proxy fails to responds, it can lead to unexpected leakage of private module paths. There could be other security implication but I will let @FiloSottile chime in.
I can see a pretty bad scenario like
Since GONOSUMDB is not scoped per proxy, this would let the fallback proxy provide arbitrary answers for company.internal/foo if http://proxy.internal is unreachable. That's pretty much unacceptable.