Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
RE: curl verification
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-users <curl-users_at_lists.haxx.se>
Date: Mon, 25 May 2026 22:47:44 +0200 (CEST)
On Mon, 25 May 2026, Dick Brooks wrote:
> The approach you describe works fine for developers that incorporate curl,
> but what about all the "curl users" that don't have the tarball, how do they
> verify that the curl release installed and running on their system is
> trusted?
The main curl release shipped by the curl project is a tarball with source
code. Thus we document how you verify that release. Our release.
If you get curl any other way, which lots of users do of course, then you need
to do something else - depending on exactly how you get curl onto your
systems.
For example, if you install it on a Linux distro I figure you trust and assume
that the distro packagers already verified it. If you run macOS or Windows you
probably also presume that the giant companies shipping the operating system
and make bits end up on your hard drive did some checks before they did so.
Date: Mon, 25 May 2026 22:47:44 +0200 (CEST)
On Mon, 25 May 2026, Dick Brooks wrote:
> The approach you describe works fine for developers that incorporate curl,
> but what about all the "curl users" that don't have the tarball, how do they
> verify that the curl release installed and running on their system is
> trusted?
The main curl release shipped by the curl project is a tarball with source
code. Thus we document how you verify that release. Our release.
If you get curl any other way, which lots of users do of course, then you need
to do something else - depending on exactly how you get curl onto your
systems.
For example, if you install it on a Linux distro I figure you trust and assume
that the distro packagers already verified it. If you run macOS or Windows you
probably also presume that the giant companies shipping the operating system
and make bits end up on your hard drive did some checks before they did so.
-- / daniel.haxx.se -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2026-05-25