Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
RE: Release candidate 3: curl 8.15.0-rc3
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Dick Brooks via curl-users <curl-users_at_lists.haxx.se>
Date: Wed, 9 Jul 2025 13:00:25 -0400
Dan,
Thanks for sharing your insights.
My customers need the "Build SBOM", not a source SBOM. The SBOM must contain
details of the components in the Windows Zip file used by consumers to
install curl.
Per Daniels recommendation I've entered an issue for this:
https://github.com/curl/curl-for-win/issues/81
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership
Never trust software, always verify and report! T
Risk always exists, but trust must be earned and awarded.T
https://businesscyberguardian.com/
Email: dick_at_businesscyberguardian.com
Tel: +1 978-696-1788
-----Original Message-----
From: Dan Fandrich <dan_at_coneharvesters.com>
Sent: Wednesday, July 9, 2025 12:42 PM
To: curl-users - the curl tool <curl-users_at_lists.haxx.se>
Cc: Dick Brooks <dick_at_businesscyberguardian.com>
Subject: Re: Release candidate 3: curl 8.15.0-rc3
On Wed, Jul 09, 2025 at 03:44:56PM +0200, Daniel Stenberg via curl-users
wrote:
> On Wed, 9 Jul 2025, Dick Brooks wrote:
> > Congratulations. Any chance we will see an SBOM for curl in the future?
>
> The "normal" curl release does not need an SBOM. It is just one thing
> and this one thing comes only from us: the curl release.
>
> curl releases are done as source code tarballs with no third party code
included.
The curl source is fully marked up with SPDX license tags, so you can
generate your own accurate source-level SBOM in SPDX format with license
information using the "reuse" tool. Just run "reuse spdx". See
https://reuse.readthedocs.io for more information.
Dan
Date: Wed, 9 Jul 2025 13:00:25 -0400
Dan,
Thanks for sharing your insights.
My customers need the "Build SBOM", not a source SBOM. The SBOM must contain
details of the components in the Windows Zip file used by consumers to
install curl.
Per Daniels recommendation I've entered an issue for this:
https://github.com/curl/curl-for-win/issues/81
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership
Never trust software, always verify and report! T
Risk always exists, but trust must be earned and awarded.T
https://businesscyberguardian.com/
Email: dick_at_businesscyberguardian.com
Tel: +1 978-696-1788
-----Original Message-----
From: Dan Fandrich <dan_at_coneharvesters.com>
Sent: Wednesday, July 9, 2025 12:42 PM
To: curl-users - the curl tool <curl-users_at_lists.haxx.se>
Cc: Dick Brooks <dick_at_businesscyberguardian.com>
Subject: Re: Release candidate 3: curl 8.15.0-rc3
On Wed, Jul 09, 2025 at 03:44:56PM +0200, Daniel Stenberg via curl-users
wrote:
> On Wed, 9 Jul 2025, Dick Brooks wrote:
> > Congratulations. Any chance we will see an SBOM for curl in the future?
>
> The "normal" curl release does not need an SBOM. It is just one thing
> and this one thing comes only from us: the curl release.
>
> curl releases are done as source code tarballs with no third party code
included.
The curl source is fully marked up with SPDX license tags, so you can
generate your own accurate source-level SBOM in SPDX format with license
information using the "reuse" tool. Just run "reuse spdx". See
https://reuse.readthedocs.io for more information.
Dan
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-07-09