Really solid write-up, thanks for putting this together. The bit about GOPROXY=a,b vs a|b was new to me — I’ve run into weird issues before with private modules and now it makes a lot more sense.
Dependabot supporting private proxies is huge too. I remember just giving up on it for Go projects with private deps because it would always break. Excited to try this out.
Curious though — for smaller teams that don’t want to run their own proxy, do you think sticking with public + direct is “good enough,” or is that still risky in terms of leaking private module names?
RezaSi•3h ago
Dependabot supporting private proxies is huge too. I remember just giving up on it for Go projects with private deps because it would always break. Excited to try this out.
Curious though — for smaller teams that don’t want to run their own proxy, do you think sticking with public + direct is “good enough,” or is that still risky in terms of leaking private module names?