►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
Them,
oh
yeah,
so
right
now
we
we
passed
code.sum.
So
the
good
thing
is
that
it's
really
fast,
it's
just
it's
just
passing
a
file
and
there's
no
need
to
fetch
anything.
There's
no
need
for
internet
connection
against.
So
that's.
I
think
it
works.
A
B
A
B
Yes,
I
mean
that's
where
it's
very
reliable:
it's
not
going
to
break
because
it
only
passes
a
file,
it's
simple
file,
but
it
contains
extra
dependencies
extra
dependency
versions.
So
if
there's,
if
a
project
depends
on
on
a
package,
let's
say
what
would
that
be?
Okay,
it's!
I
don't
have
anything
on
my
mind,
so
it
would
be
a
package
of
x
in
god
at
some.
B
You
might
have
multiple
versions
of
this
x
package,
but
in
the
end,
at
compile
time
go
with
only
pick
one
because
it
can't
it
can't
handle
mid-above
dependency
versions
at
the
same
time.
So
it
selects
it
selects
the
higher
version
and
I'm
smiling
because
it's
more
complicated
than
that,
but
it
selects
a
higher
version.
B
Yeah,
unless,
unless
so
it's
like
a
higher
version-
and
it
has
this
huggarita
algorithm-
sorry
called
msv,
but
it's
not
what
you
might
expect.
It's
anyways,
it's
all
written
there
so,
based
on
that,
what
we
could
do
we
could
use.
B
So
that's
something
we
could
do
without
capturing
anything
without
yeah
without
internet
connection,
which
is
great
but
bad
bad.
There
are
things
which
there
are
things
users
can
do
with
go
that
mode.
B
So
if
they,
then
they
can
well,
they
can
replace
a
module
with
another
one,
with
a
local
with
a
local
module.
So
they
would
say
that
this
kind.
B
A
Same
okay,
that's
right!
I
wouldn't
be
worried
about
that
because
well,
no,
like
intentional.
The
good
type
like
my
company
decided
that
whenever
we
reference
x
we're
to
reference
this
particular
package
of
it
because
we
as
a
company
like
I'm,
not
talking
about
malicious
insiders,
but
just
that
as
a
company.
We
put
this
one
in
our
proxy
because
that's
what
we
want
to
use.
B
Yeah
all
we
have
we
have.
We
have
a
fork
of
this
particular
dependency
and
we
know
what
we're
doing
here.
So
I
wouldn't
know
you
were.
I
wouldn't
be
worried
about
that.
You
use
as
my
dismissal.
It
is
knowing
that.
Well,
yes,
it's
affected,
but
in
fact
we
have
a
fork
where
a
patch
has
been
applied,
so
we
might
run
in
situations
like
this,
but
it's
it's
fine.
I
think
that
said
that
there
is
something
else
there
is
a
go.
So
what's
the
name?
Sorry
refreshing
the
context.
A
You
were
saying
that
it's
kind
of
and
like
in
my
head,
what
I
was
equating
it
to
is
certain
package
managers.
You
can
say
I
never
want
to
use
this
particular
thing,
and
so
it
sounded
like
you
were
talking
about.
Go,
could
do
something
like
that,
but
we
might
not
be
aware
that
you're
not
ever
supposed
to
use
that
version
or
skip
that
version
or.
B
Something
yeah,
so
I
thought
it
was
that
way
and-
and
it's
it's
well
some
context,
it's
a
new
feature
and
I'm
new
to
that.
It
was
introduced
in
go
1.16.
I
think,
and
it's
no,
but
it's
not
the
way
it
works.
The
way
it
works
is
that
developers
publishing
modules
to
be
used
as
dependencies
might
revoke.
So
to
speak.
B
One
patch
reversion
saying
that
this
this
is
available,
but
it's
not
I
mean
it's
listed.
It's
still
yeah,
it's
not
removed.
So
in
go
when
using
go
modules,
there's
a
git
tag
for
every
module
version,
so
the
git
tag
remains
because
we
don't
want
to
write
history
and
break
things,
but
there
would
be
this
extra
metadata
saying
that
is
there,
but
it's
not
available
to
be
used
anymore,
because
well
probably
it's
because
we
revoked
it
or
we,
whatever
yeah,
there's,
probably
a
security
issue.
There.
B
B
Otherwise,
it's
different
module
name,
so
there
would
be
x
one
at
zero
and
x
one
at
one
and
we
would
select
one
that
one
automatically
and
we
would
exclude
one
at
zero
because
it's
it's
lower,
but
it
it
might
be
the
case
that
1.1
has
been
revoked
and
we
still
use
one
to
zero.
Okay,
so.
A
B
A
So
right
now
we're
too
noisy.
We
could
make
some
modifications
so
we're
less
noisy
but
there's
a
chance
of
edge
cases,
yeah
and
then
there's
also-
and
you
can
correct
me
if
I
went
down
the
wrong
path
for
the
third
one,
but
there's
also
the
option
we'd
like
to
do
in
the
future.
A
B
B
B
A
Specifically
say
they
won't
use
us
because
we're
too
slow
and
for
them
too
slow
was
like
three
minutes
two
to
three
minutes,
so
we're
not
even
talking
ten
minutes.
Two
to
three
minutes
is
too
slow
for
them.
So
I
think
what
we
want
to
do
is
we
want
to
default,
to
maybe
the
less
the
precise
or
the
less
accurate
but
faster
method,
but,
to
your
point,
be
able
to
let
people
say
no,
I
kind
of
like
we
were
talking
earlier
with
security,
I'm
more
risk-averse
and
I
want
to
be
more
precise.
B
Yeah
and
to
do
that
in
a
constant,
consistent
way,
because
I
suspect
that
it's
not
limited
to
go
in
some
of
their
contexts.
We
may
might
have
these
two
options
like
go
for
the
faster
solution,
or
do
it
right.
But
you
have
to
to
fetch
everything
connect
to
the
package
registries
and
everything.
A
So
in
theory,
if
we
made
something
that
was
dependency
scanning
files,
a
making
up
name,
it's
a
terrible
name.
Names
are
the
hardest
part
of
everything.
So
if
we
had
a
variable
called
dependency
scanning
files-
true
that
meant
it
defaulted
to
just
using
files
wherever
possible.
For
like
the
speedy
method,
then,
as
we
had
this
option
for
each
package
manager,
we
could
say
just
use
the
files,
don't
verify
them,
don't
build
anything,
but
then
users
could
flip
it
and
then
for
every
package
manager.
B
Yeah,
but
we
got
we
got
to
consider
everything
at
the
same
time.
So
that's
we.
We
know
what
the
options
presented
to
users.
B
It's
different
in
one
case:
it
would
have
something
fast
and
noisy
and
mm-hmm,
and
you
know
the
other
case
fast,
not
so
noisy,
but
there's
a
slight
risk.
Maybe
I
should
research
that
some
more
about
to
me.
That's
a
slight
risk
that
we
miss
something.
A
But
the
thing
is,
I
think,
any
time
we're
not
building.
There
is
going
to
be
that
edge
case
risk,
because
I
could
have
my
package
manager
say:
I'm
not
allowed
to
hand
you
x,
I'm
going
to
hand
you
y
instead
because
of
some
internal
rule,
a
firewall
rule
of
dependency
rule.
You,
like
you,
said
a
revoked,
get
hashtag
for
a
specific
version
so
and
I
don't
think
that's
unique
to
go.
I
do
like.
I
have
heard.
B
A
This
is
how
we
work,
but
if
you're
more
risk-averse-
and
this
is
where
we
get
into
eventually
fingers
crossed-
we
can
set
up
those
scheduled
pipeline
things,
because
then
somebody
could
say:
okay
well,
every
time
a
developer
runs
something
I
want
it
to
do.
The
fast
and
speedy,
but
every
friday
night,
when
everyone
goes
home,
run
the
more
complex
full
version.
B
B
A
Sadly,
I'm
using
my
parents,
internet,
which
I
guess
is
the
equivalent-
is
it
any
better
without
video
yep?
Okay,
all
right,
I
think
we
do
unless
you
fully
disagree
with
me
here.
I
think
we
want
to
either
create
a
new
issue
to
talk
about
this
for
all
of
dependency
scanning
to
set
up
this
option
because
I
feel
like
it
shouldn't
just
be
an
option
for
like
the
variable
option
I
feel
like
that
should
not
just
be
an
option
for
one
thing
that
should
be
of
all
of
them,
but
I
think
for
this
issue.
A
B
We've
missed
one,
I
mean
words,
but
but
it
makes
sense
I
mean.
C
B
B
B
You
have
to
go
modules,
you
replace
a
package
coming
from
the
registry
with
with
something
you've
cloned
locally,
but
I
suspect
that
we
can't
process
the
log
file
right
away,
but
there
are
things
we
could
do.
B
Well
right
now
we
only
process
a
log
file
in
the
case
of
bunger
we'll
be
rendering
we
only
process
this.
We
only
process
gen
5
o'clock,
but
now
maybe
we
can
be
more
accurate
by
installing
the
dependencies
and
scanning
everything
in
the
case
in
the
case
where
they
use,
they
use
the.
B
B
C
I
like
the
idea
to
to
be
able
to
further
customize
this,
but
I
think
we're
heading
toward
what's
been
done
already
for
dust
with
the
profiles
like
they
had
the
similar
needs
of
having
a
fast
execution
in
some
cases
and
then
a
deeper
thorough
analysis
in
some
others
and
they
went
with
those
profiles.