jcmturner / gokrb5

Pure Go Kerberos library for clients and services
Apache License 2.0

versions (v8.4.x) cached in public go proxy doesn't match TAG commit in Github #507

Closed pjferrell closed 1 year ago

pjferrell commented 1 year ago

The public go proxy cache contains code that isn't in sync with the version tags in the git repository. For example, v8.4.2 and v8.4.3 contain function naming that was reverted by https://github.com/jcmturner/gokrb5/commit/f28be450e3f66136d0ba058b4f84dfe3901eb792.

Were the tags reused or the commit updated at some point? Packages importing gokrb5 (via the default proxy) appear to be getting stale code.

Example: github.com/colinmarc/hdfs@v2.3.0 has a go.mod targeting gokrb5@v8.4.2. When vendored using 'go mod', the gokrb5/client/client.go contains the function NewFromCCache. On GitHub, the function is NewClientFromCCache.

jcmturner commented 1 year ago

I can't remember but these tags may have been reused. I was unaware this would cause an issue with caching. Looking at the https://proxy.golang.org FAQ I think the closest answer to this situation is:

> I removed a bad release from my repository but it still appears in the mirror, what should I do?
>
> Whenever possible, the mirror aims to cache content in order to avoid breaking builds for people that depend on your package, so this bad release may still be available in the mirror even if it is not available at the origin. The same situation applies if you delete your entire repository. We suggest creating a new version and encouraging people to use that one instead.

Therefore I think the only course of action is to update to use v8.4.4.
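
The mismatch discussed in this thread can be made concrete with the `h1:` directory hash that go.sum records for a module version. The following is an added example, not part of the original issue or of gokrb5: it computes that hash for two constructed file trees that differ only in the function name mentioned above, showing that content cached under a tag and content the tag later points at cannot share a checksum. The module path in `prefix` and the file contents are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"io/fs"
	"sort"
	"testing/fstest"
)

// Assumed module path and version for the go.sum-style file prefix.
const prefix = "github.com/jcmturner/gokrb5/v8@v8.4.2"

// H1 computes the "h1:" hash format used in go.sum: SHA-256 over the sorted
// lines "<sha256 of file>  <module@version>/<path>\n", base64-encoded.
func H1(fsys fs.FS, prefix string) (string, error) {
	var files []string
	err := fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		if err == nil && d.Type().IsRegular() {
			files = append(files, p)
		}
		return err
	})
	if err != nil {
		return "", err
	}
	sort.Strings(files)
	sum := sha256.New()
	for _, p := range files {
		data, err := fs.ReadFile(fsys, p)
		if err != nil {
			return "", err
		}
		fmt.Fprintf(sum, "%x  %s/%s\n", sha256.Sum256(data), prefix, p)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(sum.Sum(nil)), nil
}

// trees returns constructed stand-ins for the proxy's cached copy and the
// tree the reused tag now points at; only the function name differs.
func trees() (cached, origin fstest.MapFS) {
	cached = fstest.MapFS{"client/client.go": {Data: []byte("package client\n\nfunc NewFromCCache() {}\n")}}
	origin = fstest.MapFS{"client/client.go": {Data: []byte("package client\n\nfunc NewClientFromCCache() {}\n")}}
	return cached, origin
}

func main() {
	cached, origin := trees()
	a, _ := H1(cached, prefix)
	b, _ := H1(origin, prefix)
	fmt.Printf("proxy  %s\norigin %s\nsame release: %v\n", a, b, a == b)
}
```

To hash real content, pass an extracted module zip through `os.DirFS`; a raw git checkout can contain files that the module zip omits, so its hash is not directly comparable.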