That's not true, a fully randomly generated byte sequence like that doesn't conform to https://tools.ietf.org/html/rfc4122 . Which doesn't _require_ the use of a MAC address, though it does specify how one can be used. Specifically, you need to set timestamp, version and variant information. A fair question, though, would be "who cares?" Is conformance with that RFC important? I suppose I never really thought about it. We don't use any of that information, so why bother doing it? Idk, do you think that could be useful? Or just unnecessary?
On Mon, Sep 23, 2019 at 10:24 AM Robert Butts <[email protected]> wrote: > -0 > > Not a big deal, the library seems small and stable enough, and the license > is fine. But is it really necessary? Generating a V4 GUID is as simple as: > > uuid := make([]byte, 16) > _, err := rand.Read(uuid) > > Do we need V1 GUIDs? IMO we should never be generating V1 GUIDs, unless > they're absolutely necessary for something like backwards compatibility. > They include the user's MAC and can be a security concern. > > If not, is it really worth pulling in a library for 2 lines? > > > On Mon, Sep 23, 2019 at 10:17 AM Dan Kirkwood <[email protected]> wrote: > > > Yes -- BSD-3 is a category A license: > > > > https://apache.org/legal/resolved.html#category-a > > > > On Mon, Sep 23, 2019 at 10:11 AM ocket 8888 <[email protected]> wrote: > > > > > For rewriting the /user/reset_password endpoint (PR #3932) I was > > importing > > > the github.com/google/uuid library for generating UUIDs used as > > temporary > > > login tokens. That's backward-compatible with Perl (for all that > > matters). > > > The repo is licensed under BSD-3 which I think is Apache-compatible, > but > > I > > > think bringing that to the attention of the mailing list is standard > > > procedure. > > > > > >
