Closed
Description
go get is frequently used by users and developers on hostile networks (eg, the internet) to fetch and run code. Incredibly, when HTTPS connections fail (for instance because an attacker is denying access to HTTPS), go get falls back to HTTP.
Please remove support for plain HTTP, or refuse to use it without the user specifying explicitly that they want to make HTTP connections!