warn: go-bindata repo was recreated

hashicorp / consul

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

https://www.consul.io

Other

28.24k stars 4.42k forks source link

warn: go-bindata repo was recreated #3868

Closed gobwas closed 6 years ago

gobwas commented 6 years ago

Hi!

Use of go-bindata could be dangerous according to this tweet:

go-bindata creator deleted their @github account and someone else created a new account with the same name. There's no guarantees that the new user has good intentions, so if you're using the repository make sure you verify it first!

At least in listed in GOTOOLS variable and built with tools target in GNUMakefile.

Cheers.

slackpad commented 6 years ago

Thanks for the heads up @gobwas!

commitay commented 6 years ago

@slackpad Running go get for hashicorp/go-bindata fetches jteeuwen/go-bindata

hashicorp/go-bindata/blob/master/go-bindata/main.go

go get -u -v github.com/hashicorp/go-bindata/...
github.com/hashicorp/go-bindata (download)
github.com/jteeuwen/go-bindata (download)
github.com/jteeuwen/go-bindata
github.com/hashicorp/go-bindata/go-bindata

slackpad commented 6 years ago

Good catch @commitay, thank you! I updated the import path via https://github.com/hashicorp/go-bindata/commit/bf7910af899725e4938903fb32048c7c0b15f12e which fixes this:

$ go get -u -v github.com/hashicorp/go-bindata/...
github.com/hashicorp/go-bindata (download)

commitay commented 6 years ago

Thanks for the quick fix!