[Daniel's week] February 23, 2024

Daniel Stenberg daniel at haxx.se
Fri Feb 23 17:25:09 CET 2024 

Hello friends!

## vacation

It was another extra week gap again because I spent last week mostly offline 
and away from keyboards. That was good.

## CVE

My struggles against the CVE system continued and I wrote an update on my bog
I called DISPUTED, not REJECTED [1].

We also have a confirmed security problem reported to announce in association
with the pending next release.

## 18k commits

I reached 18,000 commits in the curl source code repository [2]. Obviously
just a number that does not mean anything.

## HTTP/3 audit

The security audit on curl's HTTP/3 related code was published [3]. Performed
by Trail of Bits. They found things to fix but nothing critical and no
security flaws.

## lftp

I learned that the "curl alternative" lftp [4] has ceased development, and as
a direct result of this we have talked to people who now are looking at
converting over their use cases to using curl instead. lftp has several
features that curl does not. Room for improvement perhaps.

## c-ares

We shipped c-ares 1.27.0 [8], fixing CVE-2024-25629 [9] among other things.

## distro meeting

We have reached out to more curl packagers for our coming "curl distro
discussion" [5] online meeting in March. If you package curl or you know
people who do, help us extend the invitation to them.

I will start drafting an agenda soon.

## curl up

I hope to soon be able to announce in which European city curl up 2024 [6]
will take place. If you are curl maintainer or contributor, we intend to help
fund your travels to and stay [7] at curl up 2024. With the hope that we can
gather as many "curl people" as possible. An entire weekend devoted to curl,
what could possibly be better than that?

## podcast season

I participated as a guest in a podcast recording today, and I have two (or
three) scheduled for next week.

## Coming up

- more podcast recordings
- last week before curl's feature window closes for 8.7.0

## Links

[1] = https://daniel.haxx.se/blog/2024/02/21/disputed-not-rejected/
[2] = https://daniel.haxx.se/blog/2024/02/22/18k-commits/
[3] = https://daniel.haxx.se/blog/2024/02/23/curl-http-3-security-audit/
[4] = https://lftp.yar.ru/
[5] = https://github.com/curl/curl/wiki/curl-distro-discussion-2024/
[6] = https://github.com/curl/curl-up/wiki/2024
[7] = https://github.com/curl/curl-up/wiki/Funding-attendance
[8] = https://c-ares.org/
[9] = https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q

-- 

  / daniel.haxx.se

More information about the daniel mailing list