@prologic@twtxt.net From Russ Cox: “note that if you set GOPROXY=direct, the go command still uses the checksum database to protect against supply chain attacks. If you really want the go command not to use servers, you also need to set GOSUMDB=off.”

lol it has no end

@prologic@twtxt.net It basically gives them all the same data using GOPROXY does though, does it not?

@prologic@twtxt.net What info do they get via GOPROXY but not get through GOSUMDB? They’d get obviously your IP/connection plus all of the packages you are using, no?

@prologic@twtxt.net I mean my point is that people thought they were excluding Google from that info by turning the proxy off, so Google went and implemented another less known switch to get the same data.

@prologic@twtxt.net I mean, from a historical standpoint, probably no, but the fact that there’s actually two and now a proposed third variable you have to set to keep Google out of your dev tools is a continuing problem, especially since the second one doesn’t seem to be well-known.