Sum mismatch on v0.10.2

Question

Sum mismatch on v0.10.2

iaburton opened this issue 2 years ago · 2 comments

Hello!

First, thank you for creating this generic-fork of the GoDS repo, I've been using it with success for the past month or so.

That said, my CICD system caches the Go mod/sum information, that way the data doesn't need to be pulled each time from the origin but also in case of a malicious replacement of a version of a package.

It seems like there may have been a change or replacement of v0.10.2 sometime in the last month or two?

github.com/ugurcsen/gods-generic@v0.10.2: verifying module: checksum mismatch
	downloaded: h1:LeNa5QEDBRqZik4hvrbikzcyPjQk+ZZ3WL4F9j5QQKg=
	sum.golang.org: h1:dE/4oQEeO/oMVcWwcVeJhboxYJ0WVIbVVjOGJ32xL90=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.

I found what looked like an accidental v0.10.3 release on deps.dev (the open source information link from the pkg.go.dev website)
https://deps.dev/go/github.com%2Fugurcsen%2Fgods-generic/v0.10.2/versions

There also seem to be a small number of updates on master. In order to correct this issue would it be possible to release another small version bump, perhaps v0.10.4 to correct the mismatch issue with 0.10.2?

Thank you!

Answer 1 · 2023-08-10T17:45:21.000Z

I release v0.10.4. Can you approve it is fixed?

Answer 2 · 2023-08-24T18:26:49.000Z

Yes sir, it appears that releases fixes it. Thank you!