-0 Not a big deal, the library seems small and stable enough, and the license is fine. But is it really necessary? Generating a V4 GUID is as simple as:
uuid := make([]byte, 16) _, err := rand.Read(uuid) Do we need V1 GUIDs? IMO we should never be generating V1 GUIDs, unless they're absolutely necessary for something like backwards compatibility. They include the user's MAC and can be a security concern. If not, is it really worth pulling in a library for 2 lines? On Mon, Sep 23, 2019 at 10:17 AM Dan Kirkwood <dang...@gmail.com> wrote: > Yes -- BSD-3 is a category A license: > > https://apache.org/legal/resolved.html#category-a > > On Mon, Sep 23, 2019 at 10:11 AM ocket 8888 <ocket8...@gmail.com> wrote: > > > For rewriting the /user/reset_password endpoint (PR #3932) I was > importing > > the github.com/google/uuid library for generating UUIDs used as > temporary > > login tokens. That's backward-compatible with Perl (for all that > matters). > > The repo is licensed under BSD-3 which I think is Apache-compatible, but > I > > think bringing that to the attention of the mailing list is standard > > procedure. > > >