Comment by SwiftyBug
5 months ago
I completely agree with you, but let's not pretend that Go's dependency manager is free from supply chain attacks vulnerabilities. The whole module mirror shenanigans took a hit on my trust of Go's module management.
Go still has one of the best supply chain security stories of any language.