Re: Roadmap 2023 ? -- Enhance security of curl's release
From: Fabian Keil via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 17 Feb 2023 08:09:31 +0100
Diogo Sant'Anna via curl-library <curl-library_at_lists.haxx.se> wrote on 2023-02-16 at 16:33:40:
> One way to achieve this would be:
>
> 1. Moving your release process (i.e., the packaging of the tarball) to an
> automated script in GitHub Actions (GHA). I suggest this because I see you
> already have some processes as GHAs and you could still reuse part of the
> script you currently use in docs/RELEASE-PROCEDURE.md

Are you suggesting that creating the release on (IMHO) untrustworthy
and proprietary GitHub infrastructure is more secure than using a
system Daniel controls?

Should the OpenPGP key that is used to sign the releases be copied
to GitHub infrastructure as well?

In my opinion this would be a step in the wrong direction.

Fabian
Received on 2023-02-17
- application/pgp-signature attachment: OpenPGP digital signature