mleku on Nostr: the amount of telemetry buried deep in so many libraries is disgusting it can often ...
the amount of telemetry buried deep in so many libraries is disgusting
it can often happen that you use some innocent looking set of things and then these pull in more other mostly innocent sounding things and then something nasty under that
this is why i'm obsessive about minimising my imports altogether, and when they are necessary, and there is multiple options i choose the one with the least and least smelly set of indirect imports
not security or privacy related but i don't use the btcec library in btcd because it uses decred code for the schnorr implementation! i mostly copied it out and shredded as much of the garbage i didn't want in it but this is an example of other cases where the common practise of importing all the things leads you into a situation - as a bitcoin maxi, using code from a shitcoin is just not ok, i have to at least copy/paste and sanitize out the downstream connections so i don't see no damn shitcoin in my go.mod
it can often happen that you use some innocent looking set of things and then these pull in more other mostly innocent sounding things and then something nasty under that
this is why i'm obsessive about minimising my imports altogether, and when they are necessary, and there is multiple options i choose the one with the least and least smelly set of indirect imports
not security or privacy related but i don't use the btcec library in btcd because it uses decred code for the schnorr implementation! i mostly copied it out and shredded as much of the garbage i didn't want in it but this is an example of other cases where the common practise of importing all the things leads you into a situation - as a bitcoin maxi, using code from a shitcoin is just not ok, i have to at least copy/paste and sanitize out the downstream connections so i don't see no damn shitcoin in my go.mod