Avoid using curl downloads because of the Supply Chain attacks.

btcsuite / btcd

An alternative full node bitcoin implementation written in Go (golang)

ISC License

6.28k stars 2.38k forks source link

Open naveensrinivasan opened 3 years ago

naveensrinivasan commented 3 years ago

Avoid using curl downloads because of the Supply Chain attacks.

Use golang ci as go dependency in a separate go.mod with something like // +build tools https://github.com/ossf/scorecard/blob/main/tools/tools.go
Use GitHub action https://github.com/golangci/golangci-lint-action

vpereira01 commented 2 years ago

curl download removed with #1785 This issue can be closed IMHO.