Go’s tooling is an undervalued technology
- As it has no external dependencies, you can build the latest version of Go using just the compiler in seconds and cross-compiling only needs setting a couple of environmental variables (GOOS and GOARCH).
- Go uses decentralized package management, or rather, module management. There is no central module manager or module registration, no external repository to trust and no need for an internal one.
- Since a module only needs to be hosted on a reachable network with valid HTTPS certification, with the network path becoming the name, there is no worry over duplicating popular module names.
- Dependencies are cryptographically locked to versions. So, an upstream source cannot change a published module for those depending on it.
- As each dependency is a single point of failure, Go checks with a module proxy before fetching the dependency. If you prefer, there is a GOINSECURE option for experimentation to avoid HTTPS certification.
Full post here, 6 mins read