moul / protoc-gen-gotemplate

:open_file_folder: generic protocol generator based on golang's text/template (grpc/protobuf)
https://manfred.life/protoc-gen-gotemplate
MIT License
430 stars 70 forks

[security] replace moul.io refs with github.com #167

Open amalone-scwx opened 3 years ago

amalone-scwx commented 3 years ago

The go.mod and source code reference moul.io/protoc-gen-gotemplate rather than github.com/moul/protoc-gen-gotemplate. Using a personal DNS is a potential security problem, as the code could be changed from that published on GitHub. To protect against this, projects that use this repo would have to qualify all refs with hashes rather than just the version.

I am guessing that you do this to make it easier to test locally and override the domain name? I'm not a fan of how Go uses URL refs, rather than published package refs to crates.io or the like.

In any case, is there a chance you can revert the source back to using GitHub.com URLs?
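
Background for the concern raised in this issue: the go command resolves a custom-domain import path by requesting it with `?go-get=1` and reading the `go-import` meta tag in the reply, so whoever controls the domain decides which repository the path maps to. The sketch below is an added example, not part of the issue or of the project's code; it checks such a reply against the repository a consumer expects. The function names and the sample page are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// GoImport is one <meta name="go-import" content="prefix vcs repo-root"> record.
type GoImport struct{ Prefix, VCS, RepoRoot string }
var (
	metaTag     = regexp.MustCompile(`(?i)<meta\s[^>]*>`)
	nameAttr    = regexp.MustCompile(`(?i)\bname\s*=\s*"go-import"`)
	contentAttr = regexp.MustCompile(`(?i)\bcontent\s*=\s*"([^"]*)"`)
)

// ParseGoImports extracts every well-formed go-import record from a page.
func ParseGoImports(page string) []GoImport {
	var out []GoImport
	for _, tag := range metaTag.FindAllString(page, -1) {
		if m := contentAttr.FindStringSubmatch(tag); m != nil && nameAttr.MatchString(tag) {
			if f := strings.Fields(m[1]); len(f) == 3 {
				out = append(out, GoImport{f[0], f[1], f[2]})
			}
		}
	}
	return out
}

// CheckRedirect returns nil only if the record covering modulePath points at wantRepo.
func CheckRedirect(page, modulePath, wantRepo string) error {
	for _, gi := range ParseGoImports(page) {
		if modulePath == gi.Prefix || strings.HasPrefix(modulePath, gi.Prefix+"/") {
			if gi.RepoRoot != wantRepo {
				return fmt.Errorf("%s now resolves to %s, want %s", gi.Prefix, gi.RepoRoot, wantRepo)
			}
			return nil
		}
	}
	return fmt.Errorf("no go-import record covers %s", modulePath)
}

// Constructed sample of a vanity host's reply to ?go-get=1 (not captured from moul.io).
const samplePage = `<meta name="go-import" content="moul.io/protoc-gen-gotemplate git https://github.com/moul/protoc-gen-gotemplate">`

func main() {
	fmt.Println(CheckRedirect(samplePage, "moul.io/protoc-gen-gotemplate", "https://github.com/moul/protoc-gen-gotemplate"))
}
```

Run periodically against the live reply, a check like this reports when a custom import path starts mapping to a different repository than the one a consumer reviewed.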