4 points by conslit 5 hours ago | 1 comment
  • conslit 5 hours ago
    cybergo is a security-focused fork of the Go toolchain. In a very simple phrasing, cybergo is a copy of the Go compiler that finds bugs.
    • verdverm 3 hours ago
      Is the plan to contribute them back to Go?

      How is a one person fork of Go in any way going to ever be more secure than the original which is developed by many people? Why should I trust your changes? Is this actually an adversarial project that will hide and rug pull down the road?

      • conslit 3 hours ago
        1. "Is the plan to contribute them back to Go?" - No. They won't accept the up-streams. See https://github.com/golang/go/issues/30613

        2. "How is a one person fork of Go in any way going to ever be more secure than the original which is developed by many people?" - Read the README.

        3. "Why should I trust your changes?" - You don't have to. The same reasons you don't have to trust the GitHub project you're cloning.

        4. "Is this actually an adversarial project that will hide and rug pull down the road?" - Read the code.

        Sarcasm aside, the objective is "helping to find bugs in Go codebases via built-in security implementations". That's mainly used for fuzzing and testing. Don't deploy your compiled binary on production with that compiler.

        • verdverm 2 hours ago
          If the Go team will not accept your changes, I would trust their judgement over yours 100%