: checksum mismatch downloaded: h1:PamBMopnHxO2nEIsU89ibVVnqnXR2yFTgGNc+PdG68o= go.sum: h1:DnZGUjFbRkpytojHWwy6nfUSA7vFrzWXDLpFNzt74ZA=SECURITY ERROR This download does NOT match an earlier download recorded in go.sum. The bits may have been replaced on the origin server, or an attacker may have intercepted the download attempt. For more information, see 'go help module-auth'.
Well that is annoying. For me it helped to move the go.sum away (mv go.sum go.sum.bak). Feels insecure, and please research this, but at least it compiled. In this case, the developers let me know it was not a problem.