Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect module version (v1.9.0) in https://proxy.golang.org/ #32

Closed
joewreschnig opened this issue Aug 6, 2021 · 3 comments
Closed

Incorrect module version (v1.9.0) in https://proxy.golang.org/ #32

joewreschnig opened this issue Aug 6, 2021 · 3 comments

Comments

@joewreschnig
Copy link
Contributor

joewreschnig commented Aug 6, 2021
edited
Loading

There's a version of this module in the default proxy which doesn't seem to be in the repository itself.

$ GONOPROXY="*" go get github.com/prebid/go-gdpr
go get: upgraded github.com/prebid/go-gdpr v0.8.0 => v0.10.0
$ GOPROXY=https://goproxy.v10s.net/ go get github.com/prebid/go-gdpr
go get: upgraded github.com/prebid/go-gdpr v0.10.0 => v1.9.0

The associated checksums are:

github.com/prebid/go-gdpr v1.9.0 h1:VhthA8zFjbOA3ASltDK2PWBUWXBFwXXdyrabtndOsBU=
github.com/prebid/go-gdpr v1.9.0/go.mod h1:OfBxLfd+JfP3OAJ1MhI4JYAV3dSMQYT1QAb80DHpZFo=

And the contents appears to be the same as v0.9.0. It is the only such version in the proxy's version list.

This breaks go get, which will now only get this version and not v0.10.0 or any future versions unless explicitly asked.
@SyntaxNode
Copy link
Collaborator

SyntaxNode commented Aug 16, 2021
edited
Loading

Thank you @joewreschnig for bringing this to our attention.

It looks like we made a mistake with the release of v0.9.0. It was originally labeled as v1.9.0, accidentally. We removed the v1.9.0 release and tag and proceeded to build with the correct v0.9.0 version - but Go proxy still picked up v1.9.0.

To fix the problem, I recommend we retract v1.9.0 to let the Go tool chain know it was a mistake and then move our version to v2.0.0 to keep in the clear. We currently support TCF 2, so it might be nice to have the go-gdpr version also match the TCF spec it supports.

Thoughts?

@SyntaxNode SyntaxNode mentioned this issue Aug 16, 2021
Merged
@joewreschnig
Copy link
Contributor Author

Using a v2.x.y version will require changing the module path for maximum compatibility with go mod tooling, so if you take this route I would hope it includes other deprecations / incompatible fixes (e.g. #31) - otherwise you may be looking at v3 and another new package name "soon".

I'm not familiar with the details of retraction but if it would let the module get back on the v0.x.y path where compatibility expectations are not so strict, that's the route I would take.

@SyntaxNode
Copy link
Collaborator

That's a very good point. We'll move past the bad version of 1.9.0 to version 1.10.0. Marking 1.9.0 as retracted will ensure the proxy no longer recommends it to anyone.

We'll save the v2 moniker for upcoming larger / breaking changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joewreschnig @SyntaxNode