The Go module proxy world is making me nervous with its use of immutable, cached modules and unchangeable module checksums. The intention is good, but the real world is always more nuanced and complex than 'once someone fetches something from you it can never change and never be removed'.
(Note that I didn't say 'published'. People can fetch from you before you've officially 'published' as you consider it, or without it at all.)
In a world with mutable source code and tags, people pulling things from you that you didn't intend them to is their problem; you can change your history, your tags, and your repo as you want. In a world of cached immutable modules, it is suddenly your problem. Other people have the power to easily freeze and make available your work for all time.
@pro Well, life is going to be interesting for the proxy operators when the first claims/reports about DMCA violations, trade secrets, or copyright violations in published modules start rolling in. Some of the organizations involved should be partially prepared, at least (eg Google, who already deal with many of them in other services).
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!