As you can see in the GitHub issue you cite, other Windows compilers
reportedly default to PIE. The argument was that Go on Windows should
act like other compilers on Windows.
> 2. Is pie useful now even in go? (the first thread is from 2012-2014)
PIE makes certain kinds of attacks on programs significantly more
difficult. Those attacks must first find a bug in the program,
typically an overflow of a buffer stored on the stack, which lets the
attacker modify the stack in some way. If such a bug exists, using
PIE makes it harder to exploit the bug. In Go it is very hard to
write a program that contains such a bug, much much harder than it is
in C. Therefore, I would say that PIE is much less important for Go
than it is for C. But it is possible with a fair amount of work to
write a Go program that contains such a bug. And Go programs can call
C code, and it might be useful to use PIE to make it harder to exploit
any bugs in that C code. So PIE is not completely useless for Go.
PIE can be useful for systems like the memory sanitizer
(
https://github.com/google/sanitizers/wiki/MemorySanitizer) which need
to allocate large amounts of memory, and need to know that the program
can avoid the memory addresses that MSan wants.
Ian