You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If I try to install latest version using default go proxy GOPROXY="https://proxy.golang.org,direct" everything works fine, but if I turn it off go gives me an error:
bash-5.1# GOPROXY=direct go get -u github.com/uber/tchannel-go
go: downloading github.com/uber/tchannel-go v1.31.0
go get github.com/uber/tchannel-go: github.com/uber/[email protected]: verifying module: checksum mismatch
downloaded: h1:/UFpXqSe9D346M+wTfwUj1+IjgTi5ETUOZJYGpiJPI8=
sum.golang.org: h1:svHYN3O0gtWvuU9Qw2a0Ktr8ciEdP/l/LyZoePU9wnU=
SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
For more information, see 'go help module-auth'.
After investigations I found out that /UFpXqSe9D346M+wTfwUj1+IjgTi5ETUOZJYGpiJPI8= checksum is corresponig to the commit tagged with v1.31.0 but svHYN3O0gtWvuU9Qw2a0Ktr8ciEdP/l/LyZoePU9wnU= belongs to d84cd5f commit which is 8 commits behind the v1.31.0. This means that everybody who gets v1.31.0 using go get -u github.com/uber/tchannel-go doesn't really gets 1.31.0 unless they turn go proxy off, but in this case checksum validation is failing.
Proposed solution
Release v1.31.1 ASAP. Even if it points to the same c373222 commit as v1.30.0.
The text was updated successfully, but these errors were encountered:
Problem
If I try to install latest version using default go proxy
GOPROXY="https://proxy.golang.org,direct"
everything works fine, but if I turn it off go gives me an error:After investigations I found out that
/UFpXqSe9D346M+wTfwUj1+IjgTi5ETUOZJYGpiJPI8=
checksum is corresponig to the commit tagged withv1.31.0
butsvHYN3O0gtWvuU9Qw2a0Ktr8ciEdP/l/LyZoePU9wnU=
belongs to d84cd5f commit which is 8 commits behind thev1.31.0
. This means that everybody who getsv1.31.0
usinggo get -u github.com/uber/tchannel-go
doesn't really gets 1.31.0 unless they turn go proxy off, but in this case checksum validation is failing.Proposed solution
Release
v1.31.1
ASAP. Even if it points to the same c373222 commit asv1.30.0
.The text was updated successfully, but these errors were encountered: