Is there a way to identify a package as safe?
Let's restrict the imported packages to built-in ones. Now assuming a
package only imports "strings" and "net/url", can it be considered safe?
Since it does not (cannot) modify the environment (most notably executing
Of course the package still can behave in a malicious manner by (for
example) creating too many goroutines.
This came to mind when I was reading about package managers and learnt about some
problems that they have.
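
The import-allowlist check raised in the question can be automated with the standard library's `go/parser`. The following is an added example, not part of the original message; the function name `disallowedImports` and the sample sources are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"sort"
	"strconv"
)

// allowed is the allowlist from the question: only these imports are accepted.
var allowed = map[string]bool{"strings": true, "net/url": true}

// disallowedImports parses only the import clause of one Go source file and
// returns, sorted, every import path that is not on the allowlist.
// "unsafe" and "C" (cgo) are not on it, so they are reported as well.
func disallowedImports(filename, src string) ([]string, error) {
	f, err := parser.ParseFile(token.NewFileSet(), filename, src, parser.ImportsOnly)
	if err != nil {
		return nil, err
	}
	var bad []string
	for _, spec := range f.Imports {
		path, err := strconv.Unquote(spec.Path.Value)
		if err != nil {
			return nil, err
		}
		if !allowed[path] {
			bad = append(bad, path)
		}
	}
	sort.Strings(bad)
	return bad, nil
}

// Constructed sample inputs, not taken from any real package.
const cleanSrc = `package slug; import ("net/url"; "strings")`
const dirtySrc = `package slug; import ("strings"; x "os/exec"; _ "unsafe")`

func main() {
	for _, s := range []struct{ name, src string }{{"clean.go", cleanSrc}, {"dirty.go", dirtySrc}} {
		bad, err := disallowedImports(s.name, s.src)
		fmt.Println(s.name, bad, err)
	}
}
```

The check has to run over every `.go` file in the package, including files selected by build constraints. It does not cover assembly files shipped alongside the Go sources, and it says nothing about resource use such as the goroutine case mentioned above.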