Course: Secure Coding in Go


Dependency management

- [Instructor] Russ Cox from the Go team wrote a great article about dependency management problems. I highly recommend you read it. Most open source projects have one or two maintainers, and they usually work on the project after hours. Do you know the maintainers of the dependencies you use? Do you trust them? Did you check the code for bugs within ISO security? Did you check the dependencies of the dependencies? Et cetera, et cetera. Linus's law states that given enough eyeballs, all bugs are shallow. This stands true for security as well. Go and the standard library are used by more people than any other external package you will use. And the Go team has a security policy in place and some dedicated people to work on the subject. Most, if not all, of the external packages we will use don't have the resources to do that. What I'm trying to highlight is that you should treat any external package you use as a security risk, and…
