Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
RE: [BUG] 8.6.0 Libpsl requirement is not portable
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Randall via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 31 Jan 2024 14:15:12 -0500
On Wednesday, January 31, 2024 1:08 PM, Frank Gevaerts wrote:
>On Wed, Jan 31, 2024 at 12:47:42PM -0500, Randall via curl-library wrote:
>>
>> Thanks. That seems to have made a positive difference. Would it not
>> make sense to automatically switch this off if the library is not
available?
>
>That's what happened before, with the result that several distributions had
it
>disabled more or less by accident. Given what libpsl does, that's not great
and can
>lead to security issues down the line.
Having a dependency like this, that is not trivially portable leading to
security issues in future, is rather problematic, don't you agree? Others in
the thread suggested building a single source file with no library
associations is not particularly useful without some hacking.
--Randall
Date: Wed, 31 Jan 2024 14:15:12 -0500
On Wednesday, January 31, 2024 1:08 PM, Frank Gevaerts wrote:
>On Wed, Jan 31, 2024 at 12:47:42PM -0500, Randall via curl-library wrote:
>>
>> Thanks. That seems to have made a positive difference. Would it not
>> make sense to automatically switch this off if the library is not
available?
>
>That's what happened before, with the result that several distributions had
it
>disabled more or less by accident. Given what libpsl does, that's not great
and can
>lead to security issues down the line.
Having a dependency like this, that is not trivially portable leading to
security issues in future, is rather problematic, don't you agree? Others in
the thread suggested building a single source file with no library
associations is not particularly useful without some hacking.
--Randall
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-01-31