TLDR; Efforts to increase the security of the build environment lead to a redesign of the gomote service. Gomote access requests are no longer frozen. All existing gomote users must re-request access if they still require it. The gomote client must be updated to the latest version after the new access is granted,.
Gomote is a service used by Go contributors to gain access to architectures and operating systems that are supported by Go. A small trusted set of contributors have traditionally had access to the gomote service. We've changed how portions of the gomote service infrastructure is implemented to increase the security of the build environment. Users will be impacted in the following ways:
The gomote client will no longer use a Go team issued token for authentication. Instead, a Google account will now be used to authenticate to the service.
GitHub will no longer be used to store public keys for SSH access.
Users can start requesting access if it is essential to their contributor work.
All existing gomote users must re-request access in order to continue having access.
The updated version of the gomote client is required for gomote use.
A small set of builders will be restricted from gomote access.
Instructions on how to request access can be found at https://go.dev/wiki/Gomote#access
Please be on the lookout for any bugs and feel free to file an issue (or fix an issue) if you discover any issues.
You can download the new client by running:
go install golang.org/x/build/cmd/gomote@latest
This work is leading to a more secure infrastructure for all Gophers!
--
You received this message because you are subscribed to the Google Groups "golang-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-dev/20cc55b1-957e-40e1-ae24-b16141196504n%40googlegroups.com.