I think that might depend on what qualities you define as "safe"?
On Monday, February 12, 2018 at 12:43:05 PM UTC-7, dc0d wrote: > > Is there a way to identify a package as safe? > > Let's restrict the imported packages to built-in ones. Now assuming a > package only imports "strings" and "net/url" can it considered as safe? > Since it does not (can not) modify the environment (most notably executing > code)? > > Of course the package still can behave in a malicious manner by (for > example) creating too many goroutines. > > This came to mind when I was reading about package managers and learnt > some problems that they have. > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.