Go v1.21+ Auto-Downloads Toolchains and Verifies Them Using a Transparency Log | Aditya Thebe
since Go 1.21, the go command can automatically download newer toolchains—and verify them against a cryptographically auditable log. This led me down a rabbit hole into how transparency logs work, what Merkle trees actually do, and why someone is independently rebuilding every Go toolchain from source.