Your source for diverse discussions from around the Go community. This show records LIVE every Tuesday at 3pm US Eastern. Join the Golang community and chat with us during the show in the #gotimefm channel of Gophers slack. Panelists include Mat Ryer, Jon Calhoun, Carmen Andoh, Johnny Boursiquot, Angelica Hill, Mark Bates, Kris Brandow, and Natalie Pistunovich. We discuss cloud infrastructure, distributed systems, microservices, Kubernetes, Docker… oh and also Go! Some people search for GoTime or GoTimeFM and can’t find the show, so now the strings GoTime and GoTimeFM are in our description too.
Dependencies are dangerous
Dependencies! We need them, but how do we use them effectively and safely? In this week’s episode Kris is joined by Ian and Johnny to discuss the polyfill.io supply chain attack, the history of dependency management and usage in Go, and the Go Proverb that “a little copying is better than a little dependency”. Of course, we wrap up the episode with some Unpopular Opinions!
Changelog++ members save 5 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Speakeasy – Production-ready, Enterprise-resilient, best-in-class SDKs crafted in minutes. Speakeasy takes care of the entire SDK workflow to save you significant time, delivering SDKs to your customers in minutes with just a few clicks! Create your first SDK for free!
Featuring:
- Kris Brandow – Twitter, GitHub
- Johnny Boursiquot – Twitter, GitHub, Website
- Ian Lopshire – Twitter, GitHub
Show Notes:
- Polyfill.io supply chain attack hits 100,000+ websites — all you need to know
- How Go Mitigates Supply Chain Attacks
- Go Proverbs
- A little copying is better than a little dependency
Something missing or broken? PRs welcome!