Hacker News

tempay today at 7:11 AM

For anyone who thinks this might matter for security:

* curl is mature enough that the chance of an impactful bug is basically zero
* if there is such a bug, I'm sure someone will figure out how to get in touch with Daniel and co
* if there is such a bug, it's more important that it gets patched in package managers and rolled out. Upstream releases can wait.


Replies

veltas today at 7:57 AM

> if there is such a bug, I'm sure someone will figure out how to get in touch with Daniel and co

No, that is the point, they are not going to accept your vuln report. They are taking a holiday.

swiftcoder today at 10:59 AM

> curl is mature enough that the chance of an impactful bug is basically zero

Curl is also something that should be thoroughly sandboxed to begin with, because even if there are no vulnerabilities in curl itself, it's a tool for downloading arbitrary data over the internet, and you may well accidentally trigger vulnerabilities in every other part of your environment just by downloading arbitrary data to your shell...
