Howard Chu @ Symas on Nostr: #BoltDB is a Go rewrite of #LMDB (mostly; it has a lot more limitations). Since 2021 ...
#BoltDB is a Go rewrite of #LMDB (mostly; it has a lot more limitations). Since 2021 it's had a backdoor that gave remote command access to machines running it.
https://snyk.io/blog/go-malicious-package-alert/
All of this is inconceivable for LMDB, since it has no other dependencies. Also, the thought of an embedded DB engine having access to any networking APIs at all is just mindboggling.
The Go build system, and its automatic pulling of dependencies from github, is ludicrous.
#golang
https://snyk.io/blog/go-malicious-package-alert/
All of this is inconceivable for LMDB, since it has no other dependencies. Also, the thought of an embedded DB engine having access to any networking APIs at all is just mindboggling.
The Go build system, and its automatic pulling of dependencies from github, is ludicrous.
#golang