Hacker News new | past | comments | ask | show | jobs | submit login

Yeah, it's definitely not a simple good/bad decision. My thought is that it's more likely that a Go library would be more likely to have implemented something like a mandatory auth check but the counterpoint is that if such a library were vulnerable it would affect potentially a very large number of services.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact