Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why? If some open source maintainer goes off the rails and deletes all their packages, why should that break my builds? I still have a valid license to the code, I don't really care that a maintainer rage quit 4 dependencies down from my application. I certainly don't want to have to scramble to deal with that.


This is an argument for maintaining a local cache of necessary build dependencies, not to rely on a third party.


Before the proxy service that is what people did. Now we don't need to because the proxy service handles that automatically.

You can run your own proxy service if you want. There's a large benefit to the go community as a whole for there to be a shared default proxy service.


Do they change the behavior if the repo was dropped for legal issues, and no valid licenses could have been obtained because the repo owner didn't have one in the first place?


The go proxy won't save modules that don't have a permissive license.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: