proposal: cmd/go: deprecate direct fallback in GOPROXY #40580
Comments
|
Isnt there the possibility of companies running their own internal sum db with internal url set in GOSUMDB? This does not require that the external proxy has the same visibility to packages as the internal sum db server. |
|
Running a sumbd without a proxy would be another use case, but it is pretty weak, since there are few sumdb only implementations, and most are both proxy and sumdb. Furthermore, my main suggestion is to remove |
|
There is still the possibility of the go proxy being unavailble while the sumdb is not. And the proxy might not have the module or be able to fetch the module while the sumdb already knows about it. Its nice to have a usable fallback to improve overall reliability. Letting clients fetch directly also allows the proxy to loadshed requests without immediatly impacting the clients ability to get modules. Otherwise the default behaviour of clients would force them to continue to reach out to the module proxy continuing the load. |
|
If we are assuming that general network instability needs to be solved by the toolchain, then why do we hard fail when we cannot reach sum.golang.org? Furthermore, it is inconcevable that, for the default values, one could reach sum.golang.org, but not proxy.golang.org, since they are the same service. This reflects all internal module deployments that i have seen too. |
Im certain if given the access controls or due to the right set of circumstances to disable traffic to proxy.golang.org while sum.golang.org will be fine.
They may or may not be currently. They dont have to be in the future and they dont have to use the same load balancer config. |
|
The go command does not need to consult As I said in #40358, there may be room for a usability improvement in the error messages, but I don't think there's much chance at all of this proposal being accepted. |
|
@ianlancetaylor: can you add this to the proposals project? |
|
Done. (You could also just e-mail me a list of issues.) |
|
Sorry, that would have been easier, but thanks a bunch; if I get bored, I may look through for open tickets with the proposal label and milestone without the project, and I will email that list to you. |
|
This proposal has been added to the active column of the proposals project |
|
Based on the discussion above, this proposal seems like a likely decline. |
|
No change in consensus, so declined. |
background
As noted in #40358, the
,directsuffix to the default value ofGOPROXYis confusing. In isolation it makes sense, but with the added requirement of a sumdb, it seems broken.If you cannot access
sum.golang.org, the toolchain fails:If you fallback to
direct, this implies thatproxy.golang.orgcannot fetch your source, thussum.golang.orgcannot either. As such, even if you manage to fetch a moduledirectly, the sumdb verification will fail:The only use case I can conceive for this feature, is if you wanted to fetch from vcs, and still retain the benefits of sumdb verification, but let me know if there is something I am missing.
Based on this understanding, it seems like there are two type of packages: accessible and inaccessible (wrt the proxy/sumbd). The former case are things that can be served by proxy.golang.org, or your (private) module proxy of choice. The latter are things that must be fetched from vcs directly. Documentation suggests using
GOPRIVATEfor the latter, and we have shown thatGOPROXY=directwill not work.description
I propose we remove the
,directsuffix from theGOPROXYdefault value. We should keep the keyword around to prevent breaking changes, but modify its behaviour so that it is a nop and prints a warning to the user.While this may seems like we are forcing people to use
proxy.golang.orgexclusively, this was already done withGOSUMDB=sum.golang.org.alternatives
We could actually make
directwork by having it skip the sumdb verification, however there were concerns about it "destroying the security model" in #40358.While we could also leave it alone, but I hope that I have shown that
,directcannot work the way one expects it to today, thus is just noise and confusion to most users.The text was updated successfully, but these errors were encountered: