On Saturday, February 22, 2020 at 9:36:30 AM UTC+1, Jakob Borg wrote: > > On 20 Feb 2020, at 19:40, Filippo Valsorda <fil...@golang.org > <javascript:>> wrote: > > > Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a > vulnerability > > > Am I the only one to think that this kind of versioning is not ideal for a > module that's important (and stable) enough to require CVE:s and > vulnerability announcements? Even something trivial like just linearly > increasing the patch version (v0.0.47 etc) would be easier to deal with in > go.mods and still communicate a lack of compatibility guarantee... > > That will mean releasing a new version for every new commit.
Manlio -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/12cfb5c9-0cb3-4405-a2b8-ffe2b23b1847%40googlegroups.com.
