curl-library
Re: "The Most Dangerous Code in the World"
Date: Mon, 29 Oct 2012 20:04:32 +0100 (CET)
On Sun, 28 Oct 2012, Alessandro Ghedini wrote:
> The problem, from my "Debian maintainer of curl" point of view, is that I
> cannot upload a new curl version knowing that it will break something hoping
> that someone, some day will notice the breakage.
Yes you can.
I'm a Debian user myself, and I wouldn't want one of my applications to be
insecure, unknowingly to me, where it claims otherwise - which is basically
what the value of 1 means.
And with this change, if something breaks, it is more likely to point out a
problem with the application than to actually break a working feature.
> I have to make sure that the packages affected by this change still work (or
> have them fixed, or at least notify the respective maintainers) and this
> requires time.
If they don't claim to be secure (which is fine with me), then they should use
the value 0. As has been discussed, the value 1 is not really working the same
way with the different backends, so it would already be a problem depending on
which specific libcurl you'd use when the application runs. Alas, this change
would only help you make the problem more visible, as it would already exist!
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-29
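The "value of 1" argued over above is, by assumption, CURLOPT_SSL_VERIFYHOST. The following is an added illustration, not code from the thread or from the curl project: a small Python model of what the three levels check against a server certificate, with level 1 modelled as the OpenSSL backend's documented behaviour of the time (a name must be present in the certificate, but its value is not compared to the host), which is exactly the behaviour the message says differs between backends. The Cert class, the sample certificates and the helper names are constructed for this example.

```python
"""Model of the CURLOPT_SSL_VERIFYHOST levels 0, 1 and 2 (added illustration)."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Cert:
    """Constructed stand-in for the identity fields of an X.509 leaf certificate."""
    common_name: Optional[str] = None
    san_dns: List[str] = field(default_factory=list)


def _name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive host match; '*' is allowed only as the whole leftmost label
    and only when at least two further labels follow (so '*.com' never matches)."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) < 3 or p_labels[0] != "*" or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def names_in_cert(cert: Cert) -> List[str]:
    """SAN dNSName entries take precedence; the CN is consulted only if there are none."""
    if cert.san_dns:
        return list(cert.san_dns)
    return [cert.common_name] if cert.common_name else []


def verifyhost(level: int, hostname: str, cert: Cert) -> bool:
    """Return True if the certificate passes the host check at the given level."""
    if level == 0:
        # No host check at all: any certificate the peer presents is accepted.
        return True
    names = names_in_cert(cert)
    if level == 1:
        # Modelled OpenSSL-backend semantics of the time (assumption, see lead-in):
        # a name must exist, but it is never compared with the host we connected to.
        return bool(names)
    if level == 2:
        # The only level that ties the certificate to the requested host name.
        return any(_name_matches(n, hostname) for n in names)
    raise ValueError("CURLOPT_SSL_VERIFYHOST accepts only 0, 1 or 2")


def demo() -> dict:
    """Compare a genuine certificate with one a man-in-the-middle could present."""
    host = "www.example.com"
    genuine = Cert(common_name=host, san_dns=[host, "example.com"])   # constructed
    impostor = Cert(common_name="attacker.example.net")                # constructed
    return {
        level: {"genuine": verifyhost(level, host, genuine),
                "impostor": verifyhost(level, host, impostor)}
        for level in (0, 1, 2)
    }


if __name__ == "__main__":
    for level, result in demo().items():
        print(f"VERIFYHOST={level}: {result}")
```

Level 1 accepts the impostor's certificate just as readily as the genuine one, which is why an application that sets 1 while claiming to verify the peer is insecure; only level 2 rejects it. An application that really does not want the check should say so with 0 rather than with the misleading 1.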