You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
It would be useful to prevent specific versions of a packages from being downloaded, e.g. if a security vulnerability is discovered to be present in certain versions. From what I can tell, it used to be possible to filter specific versions of a package using a filter file, but this mechanism is now deprecated. The currently supported solution of using a download mode file seems to operate at the package level without any ability to configure behavior for specific versions of the package.
Describe the solution you'd like
Ideally the download mode file would allow configuration to be applied to a range of versions for a particular package. I haven't thought too hard about the config structure but something along these lines:
The effect of this config block would be to delete all versions of the crypto package between v0.25.0-v0.31.0 from persistent storage and anywhere that they're cached, and to return a 404 when go get is called for those particular versions.
Describe alternatives you've considered
I don't know of any good alternatives. I could manually delete files from the underlying data stores and purge the cache, but this isn't a scaleable or safe solution.
Additional context
My organization has some internal packages that have thousands of versions (periodically generated code from IDL schema), so for our use case it's necessary that the solution supports a range of versions instead of needing to specify exact version numbers.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
It would be useful to prevent specific versions of a packages from being downloaded, e.g. if a security vulnerability is discovered to be present in certain versions. From what I can tell, it used to be possible to filter specific versions of a package using a filter file, but this mechanism is now deprecated. The currently supported solution of using a download mode file seems to operate at the package level without any ability to configure behavior for specific versions of the package.
Describe the solution you'd like
Ideally the download mode file would allow configuration to be applied to a range of versions for a particular package. I haven't thought too hard about the config structure but something along these lines:
The effect of this config block would be to delete all versions of the crypto package between v0.25.0-v0.31.0 from persistent storage and anywhere that they're cached, and to return a 404 when
go get
is called for those particular versions.Describe alternatives you've considered
I don't know of any good alternatives. I could manually delete files from the underlying data stores and purge the cache, but this isn't a scaleable or safe solution.
Additional context
My organization has some internal packages that have thousands of versions (periodically generated code from IDL schema), so for our use case it's necessary that the solution supports a range of versions instead of needing to specify exact version numbers.
The text was updated successfully, but these errors were encountered: