Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Fedora and curl-minimal
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Henrik Holst via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 17 Mar 2022 11:05:50 +0100
Den tors 17 mars 2022 kl 08:34 skrev Kamil Dudka <kdudka_at_redhat.com>:
> On Thursday, March 17, 2022 3:32:45 AM CET Henrik Holst wrote:
> > Another point when it comes to security is that if the version of curl
> > provided by the distro does not support the protocols the user needs (and
> > sorry for my ignorance here since I do not know if Fedora also have
> another
> > "fuller" curl package so I'm speaking in more general terms here) then
> many
> > end users will simply download the source from upstream, do the make &&
> > make install dance and move on, extremely few of them will ever update
> this
> > version so IMHO security becomes worse. True that the distro itself
> haven't
> > gotten worse security by this but the end result is still lots of
> insecure
> > installs.
> >
> > /HH
>
> I am not sure where this confusion comes from. The build of libcurl with
> the
> original configuration is *not* going away from Fedora. The
> libcurl-minimal
> subpackage was introduced back in 2017:
>
No confusion at all, I did add a caveat that I was speaking more generally
and not for Fedora specifically. But good to know that you do have a full
package as well, as I wrote in my caveat I have zero knowledge of how curl
is packaged in Fedora.
/HH
Date: Thu, 17 Mar 2022 11:05:50 +0100
Den tors 17 mars 2022 kl 08:34 skrev Kamil Dudka <kdudka_at_redhat.com>:
> On Thursday, March 17, 2022 3:32:45 AM CET Henrik Holst wrote:
> > Another point when it comes to security is that if the version of curl
> > provided by the distro does not support the protocols the user needs (and
> > sorry for my ignorance here since I do not know if Fedora also have
> another
> > "fuller" curl package so I'm speaking in more general terms here) then
> many
> > end users will simply download the source from upstream, do the make &&
> > make install dance and move on, extremely few of them will ever update
> this
> > version so IMHO security becomes worse. True that the distro itself
> haven't
> > gotten worse security by this but the end result is still lots of
> insecure
> > installs.
> >
> > /HH
>
> I am not sure where this confusion comes from. The build of libcurl with
> the
> original configuration is *not* going away from Fedora. The
> libcurl-minimal
> subpackage was introduced back in 2017:
>
No confusion at all, I did add a caveat that I was speaking more generally
and not for Fedora specifically. But good to know that you do have a full
package as well, as I wrote in my caveat I have zero knowledge of how curl
is packaged in Fedora.
/HH
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-03-17