
Re: Release candidate 3: curl 8.15.0-rc3

From: Aleksandar Lazic via curl-users <curl-users_at_lists.haxx.se>
Date: Thu, 10 Jul 2025 09:00:53 +0200

Hi Dick.

On 2025-07-09 (Mi.) 19:00, Dick Brooks via curl-users wrote:
> Dan,
>
> Thanks for sharing your insights.
>
> My customers need the "Build SBOM", not a source SBOM. The SBOM must contain
> details of the components in the Windows Zip file used by consumers to
> install curl.
>
> Per Daniel's recommendation I've entered an issue for this:
> https://github.com/curl/curl-for-win/issues/81

It's open source :-), so you can create the SBOM, or the scripts which create
the SBOM, and contribute to the open source project which you use for your customers.

> Thanks,
>
> Dick Brooks

Best Regards
Aleks

> Active Member of the CISA Critical Manufacturing Sector,
> Sector Coordinating Council - A Public-Private Partnership
>
> Never trust software, always verify and report! ™
> Risk always exists, but trust must be earned and awarded.™
> https://businesscyberguardian.com/
> Email: dick_at_businesscyberguardian.com
> Tel: +1 978-696-1788
>
>
> -----Original Message-----
> From: Dan Fandrich <dan_at_coneharvesters.com>
> Sent: Wednesday, July 9, 2025 12:42 PM
> To: curl-users - the curl tool <curl-users_at_lists.haxx.se>
> Cc: Dick Brooks <dick_at_businesscyberguardian.com>
> Subject: Re: Release candidate 3: curl 8.15.0-rc3
>
> On Wed, Jul 09, 2025 at 03:44:56PM +0200, Daniel Stenberg via curl-users
> wrote:
>> On Wed, 9 Jul 2025, Dick Brooks wrote:
>>> Congratulations. Any chance we will see an SBOM for curl in the future?
>>
>> The "normal" curl release does not need an SBOM. It is just one thing
>> and this one thing comes only from us: the curl release.
>>
>> curl releases are done as source code tarballs with no third party code
>> included.
>
> The curl source is fully marked up with SPDX license tags, so you can
> generate your own accurate source-level SBOM in SPDX format with license
> information using the "reuse" tool. Just run "reuse spdx". See
> https://reuse.readthedocs.io for more information.
>
> Dan
>

Received on 2025-07-10
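
The source-level SBOM Dan describes depends on every file carrying an `SPDX-License-Identifier` tag. The following Python script is an added example, not code from the thread, curl, or the reuse project: it collects those in-file tags from a tree and lists files that have none, which are the gaps a source-level SBOM would inherit. The function names and the sample tree are constructed for illustration, and it reads in-file tags only, so it does not replace `reuse spdx`.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Tag as written in source comments, e.g. " * SPDX-License-Identifier: curl"
TAG = re.compile(r"SPDX-License-Identifier:\s*(.+?)\s*(?:\*/|-->)?\s*$")

def license_of(path, max_lines=40):
    """Return the license expression declared near the top of a file, or None."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for _, line in zip(range(max_lines), fh):
                match = TAG.search(line)
                if match:
                    return match.group(1)
    except OSError:
        pass
    return None

def inventory(root):
    """Map each file under root (relative POSIX path) to its license or None."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): license_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def summarize(inv):
    """Return ({license: file count}, [files with no tag])."""
    counts = Counter(lic for lic in inv.values() if lic)
    return dict(counts), sorted(f for f, lic in inv.items() if lic is None)

def demo():
    """Run over a constructed sample tree (not real curl sources)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "lib" / "url.c").write_text(
            "/*\n * Copyright (C) Example\n *\n * SPDX-License-Identifier: curl\n */\n")
        (root / "lib" / "md4.c").write_text("/* SPDX-License-Identifier: curl */\n")
        (root / "build.sh").write_text("#!/bin/sh\n# SPDX-License-Identifier: MIT\n")
        (root / "notes.txt").write_text("no license tag here\n")
        return summarize(inventory(root))

if __name__ == "__main__":
    counts, untagged = demo()
    print("licenses:", counts)
    print("untagged:", untagged)
```

To run it against a real checkout, call `summarize(inventory("path/to/source"))` instead of `demo()`.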