Ask HN: Do you read a Golang's package source before you import it?
I just asked myself how secure a Golang package is. Isn't it possible, that i.e. a database driver package gets compromised, and all my credentials are pushed through net/http to some external server?
I do read through the source code of any external package I use in Go.
I do the same thing in all languages.
That is why I tend to use as little external dependencies as possible.