Re: Concern: BearSSL
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 9 Mar 2022 12:46:52 +0100 (CET)
On Wed, 9 Mar 2022, Christian Schmitz wrote:
> Maybe you should create a support timeline for all dependencies.
>
> e.g. a library curl depends on is supported for 2 years after they make a
> release, then it gets deprecated and removed after latest 5 years or so.
I think maybe there are many more factors involved that make it hard to make
the requirements in an easy list like that. Like for example maybe a
compression library doesn't have the same expectations or development patterns
as a TLS library. Maybe a dependency just doesn't have any bugs left to fix.

I once thought it would be great if we could say that all our recommended
dependencies scored high in the "OpenSSF Best Practices Badge Program" [1] and
then that could've been a way to view dependencies, but I've given up or at
least postponed my hope of using that as a "filter".

[1] = https://bestpractices.coreinfrastructure.org/en
--
 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html

Received on 2022-03-09