[Daniel's week] December 29, 2023

[Daniel Stenberg]

Hello!

The last weekly email for 2023. Things happened this week as well, but maybe a 
little less than usual.

## Christmas

Christmas and the end of the year season is generally a time to slow down a
little and reflect over the past year and of course I too have done that. I
wrote my blog post on the curl commits of 2023 [1] a few days ago, which
actually made me miss the new number-of-committers-in-a-single-year curl
record that was broken today when commits from the 188th author of the year
was merged into the source code repository. It pleases me a lot to see this
huge interest in helping out and I hope that we can retain the attention and
energy into the future.

## FOSDEM

One of my three talk proposals for FOSDEM 2024 was denied: the HTTP/3 related
one. The current state is that one is accepted (about curl in the network room
[2] - but I'm only getting a twenty minutes slot so it'll be an interesting
challenge. I think it might become a rather information packed session with me
talking fast! :-)

The third talk I proposed that is still neither accepted or rejected I
submitted for the main track, which I probably makes it not too likely to get
accepted.

## Everything curl

I figured out how to enable the dark mode toggle on the book website [3] (see
the little thing on the top right corner).

I have continued to polish existing content, reordered some sections and I
have added a few more pages and entire sections with more information this
week. I did a huge overhaul and mostly banned the use of the word "will" in
text as I rewrote over 1200 lines to use present tense everywhere instead of
future tense. "curl makes this" instead of "curl will make this".

We surpassed 108,000 words in the book.

I also added more CI jobs and checks that verify the content and the
correctness of the syntax, titles, quoting and more.

## Security

We received a security vulnerability reported over hackerone [4] today that
seems to be accurate. Currently I think it might land as a "severity low"
issue. This is the first one since the 8.5.0 release on December 6. As usual,
all details will be revealed in association with the pending next release (end
of January).

We (the curl project) have completed all the formalities we need to and we
have been accepted as a CVE Numbering Authority (CNA). We are now just waiting
for the announcement and for getting our authentication tokens. I expect us to
be able to get our own CVE Ids starting with this coming release.

## Coming up

- I hear there's a new year coming

## Links

[1] = https://daniel.haxx.se/blog/2023/12/25/the-curl-activity-of-2023/
[2] = https://fosdem.org/2024/schedule/event/fosdem-2024-1909-broom-not-included-curling-the-modern-way/
[3] = https://everything.curl.dev/
[4] = https://hackerone.com/curl


-- 

  / daniel.haxx.se