/ go Public
cmd/go: describe difference in
go mod verify vs verification during 'go mod tidy'
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
What version of Go are you using (
Does this issue reproduce with the latest release?
What operating system and processor architecture are you using (
What did you do?
tainted the hash in the
go.sumfile in workspace (e.g. modifying the hash values manually) and ran
go mod tidyand
go mod verify
What did you expect to see?
go mod verifyreports the problem.
What did you see instead?
go mod verifyreports everything is all good.
go mod tidydetects the problem.
I guess it's because
go mod verifychecks only whether the version in the cache is valid.
go mod help verifyimplies that already, but I found this behavior somewhat surprising.
The text was updated successfully, but these errors were encountered: