Also, if you are concerned about the availability of the packages in the
future, use vendoring to pull in a copy of the sources to the
repo: https://go.dev/ref/mod#go-mod-vendor
Peter
On Monday, 5 December 2022 at 13:35:25 UTC Brian Candler wrote:
> On Monday, 5 December 2022 at 13:12:26 UTC l
On Monday, 5 December 2022 at 13:12:26 UTC loji...@gmail.com wrote:
> The problem as I see it, is that when the security of the code relies on a
> package is outside the main program/executable, it can open potential
> problems of code injection; code changes or forks or if the url has moved,
>
Ok,
The package code in question looks like this: -
import (
"context"
"encoding/json"
"flag"
"fmt"
"io"
"log"
"net/http"
"net/http/httputil"
"net/url"
"os"
"time"
"github.com/go-oauth2/oauth2/v4/generates"
"github.com/go-oauth2/oauth2/v4/errors"
"github.com/go-oauth2/oauth2/v4/manage"
"github.com
The op is trying to say, they wrote the code using github.com/robaho/fixed but
then they decide they want to use a fork of fixed (maybe it is being maintained
better, performance enhancements, etc) but they don’t want to change all of
their code.
Can they use a replace directive to point at th
This question makes no sense to me. If your code actually
*uses* "github.com/installed-package" then it will fail to build or run
without it. On the other hand, if it doesn't use it, then just remove the
import (the compiler will complain about unused imports anyway)
I also don't know what yo
