package (the vulnerable ssl lib) needs to be upgraded. If a problem with
Go's SSL implementation is discovered, every Go application that might use
that library needs to be rebuilt, and for packages without source code you'd
never know which ones include the vulnerable code. He does, however, agree
that the 'single binary' deployment is an improvement over fighting with
multitudes of Perl or Python modules.
Go make's that better, since you have the source code and they are
static-linked, you can update the code, recompile everything and
redeploy without much trouble, one single makefile could do that.

And, given how Go works, you could replace the wrong library with your
fixed one. Now you can have a fix at source level and fix the library
yourself if the main author aren't helpful.
and for packages without source code
Even if you are using dynamic-linked, using packages without the
source isn't "safe". You will need to trust the author's of the

André Moraes

You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Discussion Posts


Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 7 of 20 | next ›
Discussion Overview
groupgolang-nuts @
postedJan 30, '13 at 10:39a
activeJan 30, '13 at 5:51p



site design / logo © 2021 Grokbase