Show HN: Golang binaries built for your users depending on their arch and system

Discussion (4 Comments)Read Original on HackerNews

guessmyname•about 2 hours ago

Oh, this web service is going to be such a nice target for hackers waiting to infect everyone who dares download random binaries. Centralizing “builds on demand” like this creates a pretty juicy supply-chain target. If the service gets popped, you’ve got a one-stop shop for shipping compromised binaries to every arch/OS combo. Convenient idea, but I’d only trust it with strong guarantees: reproducible builds, signed artifacts tied to commits, and a way to verify locally. Otherwise it’s basically “go install URL” with extra steps.

fractorial•about 3 hours ago

I cannot fathom why anyone would want this.

gbraad•about 2 hours ago

It is mostly indicative of another underlying issue, like glibc versions or so. But this also leads to weird situations with reproducibility for QE/error reporting. One of the reasons I also hated some distro wanting to devendor and use distro dependencies. This all makes it harder to have a consistent support matrix.

ivere27•about 2 hours ago

so, it's kinda build server, building golang sources in remote server? then, download the built binary? it seems to be useful for normal enduser I guess

Show HN: Golang binaries built for your users depending on their arch and system

⚡ Community Insights

Discussion (4 Comments)Read Original on HackerNews