Comment Re:Climate its not CO2 (Score 1) 278
You're assuming people are rational agents. They're not.
And because the Go package manager (like most language-specific package managers) is developer-centric, you have to rely on the developer to keep an eye out for CVE announcements for all the libraries they use. The number of developers that actually do this consistently is very small.