Re: Concern: BearSSL

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 9 Mar 2022 12:46:52 +0100 (CET)

On Wed, 9 Mar 2022, Christian Schmitz wrote:

> Maybe you should create a support timeline for all dependencies.
>
> e.g. a library curl depends on is supported for 2 years after they make a
> release, then it gets deprecated and removed after 5 years or so at the latest.

I think maybe there are many more factors involved that make it hard to make
the requirements in an easy list like that. Like for example maybe a
compression library doesn't have the same expectations or development patterns
as a TLS library. Maybe a dependency just doesn't have any bugs left to fix.

I once thought it would be great if we could say that all our recommended
dependencies scored high in the "OpenSSF Best Practices Badge Program" [1] and
then that could've been a way to view dependencies, but I've given up or at
least postponed my hope of using that as a "filter".

[1] = https://bestpractices.coreinfrastructure.org/en

-- 
  / daniel.haxx.se
Received on 2022-03-09