Re: [go-nuts] Re: Go Module Mirror

[Will Faught]

Also I don’t see the version hash listed on the package page (browsing in iOS Safari). That would help to compare against the repo for tampering. On Feb 5, 2025, at 9:25 AM, will....@gmail.com <will.fau...@gmail.com> wrote: Looks like the package is still in the proxy, and sadly is used by one known person. It would be useful if the proxy site had a tamper warning at the top of a package’s page when the code hash for the version has changed. Perhaps it would be useful to list all the tampered packages in a master list so we can see how pervasive the problem is. On Wednesday, February 5, 2025 at 5:11:17 AM UTC-8 peterGo wrote: Go Module Mirror FYI Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence     https://socket.dev/blog/malicious-package-exploits-go-module-proxy-caching-for-persistence     Go Module Mirror served backdoor to devs for 3+ years     https://arstechnica.com/security/2025/02/backdoored-package-in-go-mirror-site-went-unnoticed-for-3-years/     Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence     https://www.reddit.com/r/golang/comments/1ii6l00/go_supply_chain_attack_malicious_package_exploits/?rdt=54944     x/pkgsite: links can point at source code that may not match what is served by the module proxy #66653 https://github.com/golang/go/issues/66653 peter -- You received this message because you are subscribed to a topic in the Google Groups "golang-nuts" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/golang-nuts/OWim0aBVTb4/unsubscribe. To unsubscribe from this group and all its topics, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/339b5b35-f44c-4b2a-ac7c-7d7e7a4ffa5an%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/9262AF71-B2A1-45E9-9443-C0B34F72292E%40gmail.com.