Tell me about that SDK. Which technology do you use? What do you think about the latest supply chain attacks?
Finally someone who gets ME! I maintain the Go SDK and leverage Snyk and GitHub to perform dependency checks. I’m mostly using the standard library but I like feeling like I have someone over my shoulder double checking things. I maintain the things built on top of the SDK as well, like the Terraform provider, so it’s really nice having the foundation and the building. No one else cares but I rewrote the backoff/retry logic this week so folk don’t overload the API. Supply chain attacks are scary. I run as few dependencies as I can without having to reinvent the wheel. I’ve spent so much time double checking package signing and key security it’s insane.
Oh my god I know exactly what you mean. Even though I’m more of a Terraform user. I’ve been interested in Go for a while, but my last boss, who was a giant jerk, wanted me to check it, so I decided to go for Rust instead.
Fuck you, Christian!
I didn’t dive deep yet, because my daily business is Java/Kotlin and C#, but it seems nice.