Go’s tooling is an undervalued technology

  • As it has no external dependencies, you can build the latest version of Go using just the compiler in seconds and cross-compiling only needs setting a couple of environmental variables (GOOS and GOARCH).
  • Go uses decentralized package management, or rather, module management. There is no central module manager or module registration, no external repository to trust and no need for an internal one.
  • Since a module only needs to be hosted on a reachable network with valid HTTPS certification, with the network path becoming the name, there is no worry over duplicating popular module names.
  • Dependencies are cryptographically locked to versions. So, an upstream source cannot change a published module for those depending on it.
  • As each dependency is a single point of failure, Go checks with a module proxy before fetching the dependency. If you prefer, there is a GOINSECURE option for experimentation to avoid HTTPS certification.

Full post here, 6 mins read