I think that might depend on what qualities you define as "safe"?
On Monday, February 12, 2018 at 12:43:05 PM UTC-7, dc0d wrote:
> Is there a way to identify a package as safe?
> Let's restrict the imported packages to built-in ones. Now assuming a
> package only imports "strings" and "net/url" can it considered as safe?
> Since it does not (can not) modify the environment (most notably executing
> Of course the package still can behave in a malicious manner by (for
> example) creating too many goroutines.
> This came to mind when I was reading about package managers and learnt
> some problems that they have.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.