From: Einar Bjarni Halldórsson
To: freebsd-go@freebsd.org
Subject: govulncheck for go ports
Date: Tue, 25 Mar 2025 10:27:53 +0000

Hi,

I sent a mail to ports@freebsd.org asking if running `govulncheck` as part of `make test` would be advisable.

I maintain two go ports, and I’ve recently started using `govulncheck` for other projects.
It’s a tool that scans used modules for known vulnerabilities and warns if your code is calling vulnerable code.

https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck

Instead of running govulncheck as part of `make test`, it was suggested to add a new parameter:

> I'd rather make it an argument of USES=go, something like USES=go:vulncheck
>
> This would allow Go ports to opt-in into the feature.

Is this something you think is interesting?

My PR to add govulncheck to ports is https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285627

.einar
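
Added example, not part of the original message or of the ports framework: a Go sketch of the distinction the message draws between a module with a known vulnerability and code that actually calls the vulnerable symbol, read from the `finding` messages of `govulncheck -json`. The function name `Classify`, the level names, and the OSV ids and module paths in the sample are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)
// message keeps only the fields of a govulncheck -json "finding" used here.
type message struct {
	Finding *struct {
		OSV   string `json:"osv"`
		Trace []struct {
			Package  string `json:"package"`
			Function string `json:"function"`
		} `json:"trace"`
	} `json:"finding"`
}

// Classify maps each OSV id to its strongest evidence: called > imported > required.
func Classify(r io.Reader) (map[string]string, error) {
	rank := map[string]int{"required": 1, "imported": 2, "called": 3}
	best := map[string]string{}
	for dec := json.NewDecoder(r); dec.More(); {
		var m message
		if err := dec.Decode(&m); err != nil {
			return nil, err
		}
		if m.Finding == nil || len(m.Finding.Trace) == 0 {
			continue // progress, config, osv and other message kinds
		}
		level := "required" // first frame names only a module
		if f := m.Finding.Trace[0]; f.Function != "" {
			level = "called" // first frame is the vulnerable symbol itself
		} else if f.Package != "" {
			level = "imported"
		}
		if rank[level] > rank[best[m.Finding.OSV]] {
			best[m.Finding.OSV] = level
		}
	}
	return best, nil
}

// Constructed sample stream; ids and module paths are placeholders.
const sample = `{"progress":{"message":"constructed sample"}}
{"finding":{"osv":"GO-0000-0001","trace":[{"module":"example.org/a"}]}}
{"finding":{"osv":"GO-0000-0001","trace":[{"module":"example.org/a","package":"example.org/a/p","function":"Parse"},{"module":"example.org/port","package":"main","function":"main"}]}}
{"finding":{"osv":"GO-0000-0002","trace":[{"module":"example.org/b","package":"example.org/b/q"}]}}`
func main() { fmt.Println(Classify(strings.NewReader(sample))) }
```

To use it on real output, pass the standard output of `govulncheck -json ./...` to `Classify` instead of the embedded sample.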