security: Separate modules for non-core code #193

@thanethomson

At present, we have several sub-programs within the repository that are not critical to the functioning of the core software, but whose dependencies are tracked as part of the main project's module. This means that it's harder for us to track which dependencies are really necessary for the core code, and this makes it harder to assess the security risk associated with those dependencies.

For instance:

  • test/e2e contains our E2E tests, but these are not built into a CometBFT binary
  • test/loadtime contains a tool to assist us with QA, but also is not built into the CometBFT binary

We should create separate Go modules for each of these "sub-programs" so as to reduce the number of dependencies in the core go.mod file for CometBFT.
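An added example, not part of the original issue or the CometBFT code base: one way to find which `go.mod` requirements the core binary never links, and which are therefore candidates to move into a separate module. The module paths, the `./cmd/node` package path and both sample inputs are constructed placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed go.mod for a hypothetical project; every module path is a placeholder.
const sampleGoMod = `module example.com/node
require (
	example.com/crypto v1.2.0
	example.com/loadgen v0.3.0
	example.com/dockerclient v2.0.0 // indirect
)
require example.com/p2p v0.9.1
`

// Constructed output of: go list -deps -f '{{with .Module}}{{.Path}}{{end}}' ./cmd/node
const sampleCoreDeps = "example.com/node\nexample.com/crypto\nexample.com/crypto\nexample.com/p2p\n"

// NonCoreOnly returns the modules required in goMod that supply no package to the core build.
func NonCoreOnly(goMod, coreDeps string) []string {
	used := map[string]bool{}
	for _, m := range strings.Fields(coreDeps) {
		used[m] = true
	}
	var out []string
	inBlock := false
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and other comments
		f := strings.Fields(line)
		mod := ""
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case inBlock && len(f) == 2:
			mod = f[0] // "path version" inside a require block
		case len(f) == 3 && f[0] == "require":
			mod = f[1] // single-line "require path version"
		}
		if mod != "" && !used[mod] {
			out = append(out, mod)
		}
	}
	return out
}

func main() { fmt.Println(NonCoreOnly(sampleGoMod, sampleCoreDeps)) }
```

The `go list -deps` output depends on the build tags and target platform in effect, so a module reported here should be confirmed with `go mod why -m <module>` before it is moved.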

Metadata

Assignees

No one assigned

Labels

  • P:tech-debt (Priority: Technical debt that needs to be paid off to enable us to move faster, reliably)
  • dependencies (Dependency updates)
  • security
