Go Lightning Talks

Please sign up here:
https://us02web.zoom.us/meeting/register/tZ0tcOGpqz0oHNxdnTSwb3_AU5bY0wqtS4dE
You will then receive an email with the link to the Zoom Webinar

Agenda:
6:30 - Announcements & Introductions
6:35 - Lightning Talks by Deep and Mitali
7:15 - Q&A
7:30 - Wrap Up

Lightning Talk #1:
Title: Understanding pseudo-versions, moving to Go 1.13 and what is in Go 1.14
Presenter: Mitali Bisht
Abstract:
As of Go v1.13 extracting a module from a version control system, the go command performs additional validation on the requested version string, as a result, any module which has multiple pseudo-versions for one commit hash will fail. In this talk, we will explain the version validations that have been enforced with Go v1.13 and how to fix them so that you can upgrade to Go v1.13 seamlessly. This talk will also cover what is new in Go 1.14 for Go module

Lightning Talk #2:
Title: Security of Go Modules and Vulnerability Scanning in GoCenter
Presenter: Deep Datta
Abstract:
Go 1.13 introduced important security features to Go Modules including a checksumdb. Deep will explain how this works and provide info on other tools that keep modules secure. He will review GoCenter’s vulnerability scanning capabilities so developers can check for security issues or known vulnerabilities.
As background, when a developer creates a new module or a new version of an existing module in Go 1.13, a go.sum file included in the module creates a list of SHA-256 hashes that are unique to that module version. That go.sum file is then sent to Google’s official checksum database where it is stored and used to verify that modules haven’t been tampered with when accessed later by a GOPROXY. This helps keep the integrity of packages intact. In this talk, Deep will go over the behavior of the checksum database, how it protects Go modules, and how the merkle-tree works.

About the Speakers:
Mitali Bisht, Community Software Engineer at JFrog
An experienced software engineer, Mitali has designed, developed and led challenging software projects involved cloud technologies, Big data , web ,devops in both large and small tech companies. As a Community Software Engineer at JFrog she is responsible for developing features for Gocenter and other projects related to Community. She has also been engaging with Go Community authors to make them aware of the security aspect of their modules and help them to resolve it. She loves exploring and adopting new technologies.

Deep Datta, Community Product Manager at JFrog
Deep manages the GoCenter - The Central Go Modules Repository. He loves encouraging diversity in tech and he has a passion for helping people join open source communities. Before JFrog he helped build and manage open source programs at Indeed and Benetech.org. Outside of work, Deep likes to travel the world, go to live music events, learn Golang, and find beautiful places to go hiking.

About our Sponsors:

JFrog
JFrog set out with the mission to transform the way enterprises manage and release software updates. They’ve realized that the world has changed, and users now expect their software to update continuously, non-intrusively and without them even knowing, this hyper connected world experience can be enabled by automation and an end-to-end solution for software artifacts only. With this in mind, they developed the world’s first universal artifact management platform, ushering in a new era in DevOps – Continuous Updates. Ten years later, JFrog has become the “Database of DevOps” and de-facto standard in release and update management. To learn more about JFrog, visit: https://jfrog.com/

Hatchpad
Hatchpad is an online community with a mission of empowering DC software engineers by providing a platform to share side projects, search for tech events, discover startup career opportunities, and hear from innovative thought leaders in the DC tech space. To learn more about hatchpad, visit: https://dmv.myhatchpad.com/