Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Discussions on Security Enhancements
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-users <curl-users_at_lists.haxx.se>
Date: Mon, 7 Nov 2022 18:24:47 +0100 (CET)
On Mon, 7 Nov 2022, Diogo Sant'Anna via curl-users wrote:
Thanks for joining in and being willing to work with us to improve.
> One first suggestion I can give, is the adoption of the GitHub Action of
> Scorecards <https://securityscorecards.dev/#using-the-github-action>. It
> would automatically run the Scorecards checks
> <https://github.com/ossf/scorecard#scorecard-checks> over your project,
I'm confused. That video shows how you enable code scanning alerts for the
repo, which we have had enabled already for ages.
And for the record: that level of code scanning is not adding a lot of value
to us.
Date: Mon, 7 Nov 2022 18:24:47 +0100 (CET)
On Mon, 7 Nov 2022, Diogo Sant'Anna via curl-users wrote:
Thanks for joining in and being willing to work with us to improve.
> One first suggestion I can give, is the adoption of the GitHub Action of
> Scorecards <https://securityscorecards.dev/#using-the-github-action>. It
> would automatically run the Scorecards checks
> <https://github.com/ossf/scorecard#scorecard-checks> over your project,
I'm confused. That video shows how you enable code scanning alerts for the
repo, which we have had enabled already for ages.
And for the record: that level of code scanning is not adding a lot of value
to us.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-11-07