Turn Dependabot Off
I recommend turning Dependabot off and replacing it with a pair of scheduled GitHub Actions, one running govulncheck, and the other running CI against the latest version of your dependencies.
Cryptography engineer. Go security team member. Maintainer of age encryption and other crypto tools.
https://words.filippo.io
Code hosts like GitHub don't necessarily show the correct source of Go modules. pkg.geomys.dev is a new convenient viewer for module source.
Go's go.mod serves as both manifest and lockfile; go.sum is not a lockfile and doesn't need to be checked.
A guide to building a transparent keyserver in under 500 lines of code, featuring privacy protections, anti-poisoning measures, and witness cosigning.
Filippo presented the annual Go Cryptography State of the Union at GopherCon US 2025, covering the past year's developments in Go crypto.
Claude Code quickly debugged a low-level ML-DSA cryptography implementation, finding a non-obvious issue in Verify faster than the author could have.
Geomys introduces standards that its maintainers follow for open source project maintenance and professional activity.