Hacker News new | past | comments | ask | show | jobs | submit login

I'm not sure I like this feature. I prefer to be in control of the software that runs on my system, without any automated downloads. But I'm a nixos user so...



Author here, also a big user of NixOS.

But strangely I liked this feature, mostly because it allows me to use newer features without needing to wait nixpkgs to update the Go compiler to the version 1.23.

It is easy to disable if you don't like though, something like `environment.sessionVariables.GOTOOLCHAIN = "local"` or `home.sessionVariables.GOTOOLCHAIN = "local"` should do the trick.


Setting the GOTOOLCHAIN environment variable to local disables this. I don't use nix so I'm not sure if they set it by default but you can with set it with `go env`


> Setting the GOTOOLCHAIN environment variable to local disables this

I should be setting the GOTOCHAIN environment variable to enable this, opt-in not opt-out.


Why? The majority of people are happy with this change.


Why not opt-in?

It forces what the foundation wants you to do. It takes away control from you, it's unethical.

Not only that, it opens a can of worms. A compiler should be a compiler.

Not an self updating application, nor an dependency modulator from GitHub. How can I trust it when it does all these things?

Call me old fashioned at 35.

If you want the latest then go download the latest. Is that now to hard for the user?

Just because the latest is out doesn't mean it's any better than the previous version. What happens in a CrowdStrike scenario? What happens when Go gets retired in 50 years?

I don't want to work with the latest. Should I? TCL 9 is getting there but TCL 8.7 is still perfectly operatable. Should I be using 9 because it exists? My work only has 8.6 on production.

So your toolchain updates and they've removed a thing. You've got to hunt down the previous version, let alone needing to discover why it was working yesterday and not today. Unnecessary overhead.

You use a dependency that's not updated for the future version?

What stops someone from crafting a malicious binary? Malware hijacking the download path?

Auto-updating takes away your integrity. Your making blind trust that everything is what it is.

How can I be sure that the updated compiler is the compiler and not a malicious crafted version? If you can't trust the compiler how can you trust your code?

Yes, I could turn it off, but could I turn it on instead.

I shouldn't need to turn it off, I'll update when I want to update tyvm.


> it's unethical.

lmao, I stopped reading after this.


Shame, shows the type of person you are. Keep lapping that kool-aid.


lol keep editing your message clown.


I would've preferred that it be opt out or at least for it to be mentioned prominently enough at some point that it isn't a surprise.


https://tip.golang.org/doc/toolchain

But I guess I was hyper-sensible, because I've missed 'rustup'




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: