Your message dated Wed, 1 Feb 2023 15:06:20 +0800
with message-id
<cafyclw8kozo1mue1mcjfzpv0hjncaxgurvcsddey2bk5qf0...@mail.gmail.com>
and subject line Re: Bug#1026922: golang-go: The HTTP_PROXY variable is
incorrectly implemented to accept SOCKS proxies. HTTP≠SOCKS
has caused the Debian Bug report #1026922,
regarding golang-go: The HTTP_PROXY variable is incorrectly implemented to
accept SOCKS proxies. HTTP≠SOCKS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1026922: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026922
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: golang-go
Version: 2:1.15~1
Severity: normal
X-Debbugs-Cc: [email protected]
The go standard libraries apparently include some automatic proxy
support for /go/ apps when the HTTPS_PROXY variable is populated. The
problem is that SOCKS proxies are accepted. A SOCKS proxy is a
different beast than an HTTP proxy. The HTTP*_PROXY variables are
conventially used by browsers to specify HTTP proxies. It’s misleading
and wrong to use it to specify SOCKS proxies.
Here is an example of an app that uses the /go/ standard libs in this
way:
https://github.com/emersion/hydroxide/issues/110#issuecomment-751387567
URLs with the socks*:// scheme should be refused & trigger an error.
-- System Information:
Debian Release: 11.5
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990,
'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-19-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages golang-go depends on:
ii golang-1.15-go 1.15.15-1~deb11u4
ii golang-src 2:1.15~1
golang-go recommends no packages.
Versions of packages golang-go suggests:
ii git 1:2.30.2-1
-- no debconf information
--- End Message ---
--- Begin Message ---
Control: tags -1 wontfix
On Sat, Dec 24, 2022 at 7:45 AM <[email protected]> wrote:
>
> Package: golang-go
> Version: 2:1.15~1
> Severity: normal
> X-Debbugs-Cc: [email protected]
>
> The go standard libraries apparently include some automatic proxy
> support for /go/ apps when the HTTPS_PROXY variable is populated. The
> problem is that SOCKS proxies are accepted. A SOCKS proxy is a
> different beast than an HTTP proxy. The HTTP*_PROXY variables are
> conventially used by browsers to specify HTTP proxies. It’s misleading
> and wrong to use it to specify SOCKS proxies.
>
This is exactly feature that Go upstream provides for a long time.
If you think differently, you should open a "proposal" in Go upstream,
https://github.com/golang/proposal#the-proposal-process
--
Shengjing Zhu
--- End Message ---
