![Oracle Drags Its Feet in the JavaScript Trademark Dispute](https://cdn.sanity.io/images/cgdhsj6q/production/919c3b22c24f93884c548d60cbb338e819ff2435-1024x1024.webp?w=400&fit=max&auto=format)
Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
inet.af/netstack
This was a "fork" of https://github.com/google/gvisor, extracting out just the "netstack" networking bits, which previously were self-contained at https://github.com/google/netstack.
This repo is no longer maintained. As of Go 1.17 and its lazy module loading we no longer need it, so we now just use upstream gVisor directly.
Because gVisor's go.mod
is gigantic
and causes problems to people trying to use it as a library.
Arguably Go's tooling is also somewhat to blame: Go doesn't make it easy (or even possible) to use a subset (a few packages) out of a mega module like gVisor without getting impacted by otherwise-unrelated requirements of that dependent module. (Update: as of Go 1.17, this appears to be fixed; see UPDATE above)
Specifically, Tailscale
wanted to use gVisor's tcpip
networking packages, which worked fine for a
while, but then one day we bumped our gVisor version to pull in a bug fix we
needed (from the networking-related part of gVisor), and that ended up
making us pull in new conflicting versions of etcd
. Why? Because
somewhere in that
go.mod
Docker or
grpc
or Kubernetes or whatever depended on etcd somehow. Who knows. We
spent too long trying to fix it and gave up.
Our fix is this repo, pulling netstack out of gvisor like it used to be,
with a small go.mod
.
We don't accept contributions. This repo isn't human-maintained. It's synced from gVisor's "go" branch. In fact, the flow looks like:
googletree
)//googletree/gvisor/...
out into GitHub occasionallygoogletree
uses Bazel, not the cmd/go
Go toolSame as gVisor.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
Security News
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.