|
|
Subscribe / Log in / New account

Daniel shouldering *everything* for curl - again.

Daniel shouldering *everything* for curl - again.

Posted Feb 6, 2025 22:37 UTC (Thu) by amacater (subscriber, #790)
Parent article: Security quote of the week

Curl has been the subject of a huge amount of scrutiny for bugs. Nice to know that Daniel's prepared to fix code for a bug that was actually effectively fixed 20 years ago. There's a lot of effort going in to finding bugs - some of it automated fuzzing - and Daniel ends up playing whack-a-mole. This level of commitment is admirable.

to post comments

Daniel shouldering *everything* for curl - again.

Posted Feb 7, 2025 5:11 UTC (Fri) by mirabilos (subscriber, #84359) [Link] (2 responses)

Following the link… he hasn’t actually fixed it, he removed support for that old libz versions.

But yes, in general, he’s doing a great job.

Daniel shouldering *everything* for curl - again.

Posted Feb 7, 2025 11:32 UTC (Fri) by cthart (guest, #4457) [Link] (1 responses)

What was he supposed to do...? Dropping support for such an old library is the only sane response. It almost certainly has other security flaws.

Daniel shouldering *everything* for curl - again.

Posted Feb 7, 2025 21:54 UTC (Fri) by mirabilos (subscriber, #84359) [Link]

I wasn’t criticising this, I was only clarifying.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds