Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: cmd/go: include vcs revision in module .info files #44742

Open
seankhliao opened this issue Mar 2, 2021 · 3 comments
Open

proposal: cmd/go: include vcs revision in module .info files #44742

seankhliao opened this issue Mar 2, 2021 · 3 comments
Labels
Projects
Milestone

Comments

@seankhliao
Copy link
Contributor

@seankhliao seankhliao commented Mar 2, 2021

It would be nice to have a way to tell which revision the proxy saw when it got a version from upstream. While this information isn't needed most of the time, it is helpful in debugging sum mismatches / moved tags. Currently to do so we can only download from both upstream and the proxy and diff the directories.

@gopherbot gopherbot added this to the Proposal milestone Mar 2, 2021
@gopherbot gopherbot added the Proposal label Mar 2, 2021
@heschi heschi changed the title proposal: proxy.golang.org: include vcs revision in .info proposal: cmd/go: include vcs revision in module .info files Mar 2, 2021
@heschi
Copy link
Contributor

@heschi heschi commented Mar 2, 2021

proxy.golang.org just forwards on the .info files generated by the go command.

cc @jayconrod @bcmills

@jayconrod
Copy link
Contributor

@jayconrod jayconrod commented Mar 2, 2021

It wouldn't be too hard to add optional fields to .info files.

But I should point out that these files aren't authenticated, and it's possible they can change over time or be reported differently by different proxies. I think the go command would have to ignore this information when reporting security errors.

cc @matloob as well.

@seankhliao
Copy link
Contributor Author

@seankhliao seankhliao commented Mar 2, 2021

I agree they shouldn't be considered for reporting security errors just for humans identifying issues, I don't think the information would be reliably available either (old versions, mod as vcs)

@ianlancetaylor ianlancetaylor added this to Incoming in Proposals Mar 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Proposals
Incoming
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants