Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
curl verification
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Dick Brooks via curl-users <curl-users_at_lists.haxx.se>
Date: Mon, 25 May 2026 15:10:57 -0400
I just read the curl verification blog posting and related materials.
https://daniel.haxx.se/blog/2026/03/26/dont-trust-verify/
I believe there may be a more efficient way to verify trust in curl, without
needing to download or install any software, by using a "Public Trust
Infrastructure" (PTI) Trust Registry, as shown in this trust verification
lookup.
A browser alone is sufficient to verify trust:
https://softwareassuranceguardian.com/labellink/getTrustedProductLabel?Produ
ctID=F1A201F17B5E34FC637C9E79211A011266FCA2445C6522D495B4E7BDB903CBC1
<https://softwareassuranceguardian.com/labellink/getTrustedProductLabel?Prod
uctID=F1A201F17B5E34FC637C9E79211A011266FCA2445C6522D495B4E7BDB903CBC1&html=
1> &html=1
You could even link the "Known Vulnerabilities" VDR URL in the output to the
curl release VDR:
https://curl.se/docs/vuln-8.19.0.json
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership
Lifetime IEEE Member
<https://reliableenergyanalytics.com/products> Never trust software, always
verify and report! T
Risk always exists, but trust must be earned and awarded.T
<https://businesscyberguardian.com/> https://businesscyberguardian.com/
Email: dick_at_businesscyberguardian.com
Tel: +1 978-696-1788
Received on 2026-05-25
Date: Mon, 25 May 2026 15:10:57 -0400
I just read the curl verification blog posting and related materials.
https://daniel.haxx.se/blog/2026/03/26/dont-trust-verify/
I believe there may be a more efficient way to verify trust in curl, without
needing to download or install any software, by using a "Public Trust
Infrastructure" (PTI) Trust Registry, as shown in this trust verification
lookup.
A browser alone is sufficient to verify trust:
https://softwareassuranceguardian.com/labellink/getTrustedProductLabel?Produ
ctID=F1A201F17B5E34FC637C9E79211A011266FCA2445C6522D495B4E7BDB903CBC1
<https://softwareassuranceguardian.com/labellink/getTrustedProductLabel?Prod
uctID=F1A201F17B5E34FC637C9E79211A011266FCA2445C6522D495B4E7BDB903CBC1&html=
1> &html=1
You could even link the "Known Vulnerabilities" VDR URL in the output to the
curl release VDR:
https://curl.se/docs/vuln-8.19.0.json
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership
Lifetime IEEE Member
<https://reliableenergyanalytics.com/products> Never trust software, always
verify and report! T
Risk always exists, but trust must be earned and awarded.T
<https://businesscyberguardian.com/> https://businesscyberguardian.com/
Email: dick_at_businesscyberguardian.com
Tel: +1 978-696-1788
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.html
(image/jpeg attachment: image005.jpg)
(image/png attachment: image002.png)
(image/png attachment: image004.png)