私有存储库是否缓存在 proxy.golang.org 中?
Are private repositories cached in proxy.golang.org?
从 go 1.13 开始,go 模块使用 https://proxy.golang.org/ 来缓存存储库。考虑到我在 github.com/Ihtkas/libraries 中有一个私有存储库作为 go 模块,并且我在另一个本地 go 代码 sort.go 中导入了该模块。当我使用 GIT_TERMINAL_PROMPT=1 构建本地代码时,go 使用我的本地存储库登录凭据构建 sort.go。在这种情况下,go 是否将私有存储库缓存在 proxy.golang.com 中?当其他人导入相同的私有包并使用有效凭据访问该包时,私有存储库中的包是否从 proxy.golang.com 提供,只是将身份验证转发给 github.com?
我的确切问题是
Does go in anyway hold the private repo code in proxy server?
If I don't set GOPRIVATE and request a private module from these services, what leaks?
The proxy and checksum database protocols only send module paths and versions to the remote server. If you request a private module, the mirror will try to download it just as any Go user would and fail in the same way. Information about failed requests isn't published anywhere. The only trace of the request will be in internal logs, which are governed by the privacy policy.
GOPRIVATE按https://golang.org/cmd/go/#hdr-Module_configuration_for_non_public_modules
所述工作
The GOPRIVATE environment variable controls which modules the go command considers to be private (not available publicly) and should therefore not use the proxy or checksum database. The variable is a comma-separated list of glob patterns (in the syntax of Go's path.Match) of module path prefixes. For example,
GOPRIVATE=*.corp.example.com,rsc.io/private
causes the go command to treat as private any module with a path prefix matching either pattern, including git.corp.example.com/xyzzy, rsc.io/private, and rsc.io/private/quux.
总结一下:如果它是私有模块,代理服务会尝试访问它,但会失败。我假设 Go 然后会回退直接访问它,完全绕过代理。为了防止这种往返,将您的私有存储库添加到 GOPRIVATE,如果您仍然担心它,请使用 wireshark 之类的东西来双重确保您的私有模块被直接访问。
从 go 1.13 开始,go 模块使用 https://proxy.golang.org/ 来缓存存储库。考虑到我在 github.com/Ihtkas/libraries 中有一个私有存储库作为 go 模块,并且我在另一个本地 go 代码 sort.go 中导入了该模块。当我使用 GIT_TERMINAL_PROMPT=1 构建本地代码时,go 使用我的本地存储库登录凭据构建 sort.go。在这种情况下,go 是否将私有存储库缓存在 proxy.golang.com 中?当其他人导入相同的私有包并使用有效凭据访问该包时,私有存储库中的包是否从 proxy.golang.com 提供,只是将身份验证转发给 github.com? 我的确切问题是
Does go in anyway hold the private repo code in proxy server?
If I don't set
GOPRIVATEand request a private module from these services, what leaks? The proxy and checksum database protocols only send module paths and versions to the remote server. If you request a private module, the mirror will try to download it just as any Go user would and fail in the same way. Information about failed requests isn't published anywhere. The only trace of the request will be in internal logs, which are governed by the privacy policy.
GOPRIVATE按https://golang.org/cmd/go/#hdr-Module_configuration_for_non_public_modules
The GOPRIVATE environment variable controls which modules the go command considers to be private (not available publicly) and should therefore not use the proxy or checksum database. The variable is a comma-separated list of glob patterns (in the syntax of Go's path.Match) of module path prefixes. For example,
GOPRIVATE=*.corp.example.com,rsc.io/private
causes the go command to treat as private any module with a path prefix matching either pattern, including git.corp.example.com/xyzzy, rsc.io/private, and rsc.io/private/quux.
总结一下:如果它是私有模块,代理服务会尝试访问它,但会失败。我假设 Go 然后会回退直接访问它,完全绕过代理。为了防止这种往返,将您的私有存储库添加到 GOPRIVATE,如果您仍然担心它,请使用 wireshark 之类的东西来双重确保您的私有模块被直接访问。