Security Error when obtaining this package as a library

[rockyprabowo]

I can't download this package latest tag/release due to security error below.

$ go get github.com/hibiken/asynqmon
go: downloading github.com/hibiken/asynqmon v0.7.2
go: github.com/hibiken/[email protected]: verifying module: checksum mismatch
        downloaded: h1:EfLRppj5GlklMPzdCjdonpXz/D23meW0Pk6NAtkOPhw=
        sum.golang.org: h1:YohWgTIPwtMyZ6khBDcVUz9BdSdQW2Dxn8SoxtbmjSg=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.

I have to specify the last commit before the v0.7.2 tag in order to use this library.

[hiredman]

I think what is going on here is asynqmon v0.7.2 hasn't actually been released. The most recent release in the github releases appears to be v0.7.1, but the tag for v0.7.2 exists and is maybe getting moved to match HEAD of master until such time as v0.7.2 is released (this is speculation based the github release pages and looking at what proxy.golang.org has cached for asynqmon v0.7.2 vs. what the tag currently points at here on github, so I know that the tag has changed once and doesn't appear to be "released").

This pattern of changing what a tag points to completely breaks proxy.golang.org and sum.golang.org, so is maybe not a good idea

[livingston0318]

Same issue, as I use failoverclientOpt, I can't back to v0.7.1, any idea how I can use it?

[livingston0318]

Same issue, as I use failoverclientOpt, I can't back to v0.7.1, any idea how I can use it?

I set GOPROXY As https://proxy.golang.org,direct and then， run go mod tidy，it works