Re: Discussions on Security Enhancements
From: Diogo Sant'Anna via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 8 Nov 2022 11:20:25 -0300
Great, thanks for the feedback! I have already passed it to OpenSSF folks.
However, would you be currently interested in PRs or discussions on more
straightforward security improvements? As an example, in the previous email
I gave the suggestion of converting the workflow's dependencies to
hash-pinned dependencies. The security benefits from this can be seen here
<https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#pinned-dependencies>.
Note: let me know if I should create a separate email thread for those
discussions.
Received on 2022-11-08