[RELEASE] Released v0.1.1 gomodule source code and upstream v0.1.1 tag mismatch #231
Labels
priority/critical-urgent
Highest priority. Must be actively worked on as someone's top priority right now.
Describe the issue:
It has been brought to my attention that the source code in go module
[email protected]
downloaded with thego get
command actually does not match the source code state in upstream v0.1.1 tag.Specifically, according to https://pkg.go.dev/sigs.k8s.io/[email protected] the version was cut on Jul 3 2023, whereas from https://github.com/kubernetes-sigs/network-policy-api/commits/v0.1.1/ it was actually released on Aug 17. As a result, any source code / deliverables downloaded by user with the normal workflow (go.mod require or go get) for v0.1.1 will not include the change set from Jul 4 to Aug 17. If we clear all go cache and force
go get
to not use GOPROXY, it will try to download v0.1.1 from this repo, which will trigger a security error because of checksum mismatch:Suggestions:
A new release should be cut with tag v0.1.6 and marked as the latest release. After this, we should figure out how to resolve the discrepancy for v0.1.1 release.
The text was updated successfully, but these errors were encountered: