[Daniel's week] June 9, 2023

Fri Jun 9 19:14:04 CEST 2023

Hello,

Another week ends. Lots of stuff happened.

## Parallel tests

Dan Fandrich merged some crucial commits that now finally let us run the curl
test suite in parallel [1] and it is fast!

## container-curl

Jim Fuller has re-worked how the container version of curl is done and shipped
[4], which had some early mistakes that were quickly fixed with new versions
quickly trickling out from that factory.

The dockerhub hosted version of curl was pulled at a rate of 4.3 million
pulls/day earlier this week!

## SPDX identifiers in c-ares and libssh2

This week I took the time and energy to plow through both these code bases to
make sure every single file in their respective git repositories have SPDX
license identifiers and proper copyright information. Verified by CI jobs of
course so that further changes will be verified and the status maintained.

I believe that having everything nailed down like this is a good service to
users who now can get a complete picture of everything related to licenses and
copyright of everything within these projects.

We made curl fully "REUSE compliant" a while back and it feels good to have
the other projects I co-maintain join the club.

## libcurl examples

I realized that the man pages for libcurl functions and options that are
hosted on the website did not have the curl related symbols and functions
properly linked in their respective example sections. They only relied on the
"SEE ALSO" section, which often (understandably) does not actually include
every symbol used in the example.

I fixed this with a script that post-processes the web pages and linkifies
them accordingly. This makes the man pages display even nicer I think. [5]

I started on another documentation project: making sure every single option
for curl_easy_setopt() has at least one corresponding stand-alone example
source code showing how to use it. I asked the curl-library mailing list for
help [2]. This is a massive undertaking that will take a while to complete.

## security

After my work last week to get the severity level figured out for all past
curl vulnerabilities, I could expand the "vulnerability table" [6] this week
to make it render with different colors for the different flaws depending on
severity to help visualize them better.

In the mean time I have bounced more emails back and forth with NVD, which
probably is going to result in another blog post soon about their harmful
practices.

## user survey ended

The 2023 curl user survey stopped taking responses at tend of day Wednesday my
time. We count 606 responses, which is more than last year so I think we
should consider that good. I have not yet started the hard work of wading
through all the data and numbers to try to figure them out and present them to
the world somehow. I will try to gather the energy to start doing that next
week.

## WebSocket

I wrongly stated in last week's report that I would do a WebSocket webinar
this week, when in fact it is planned to happen next week on June 15th. I
spent some time this week on the pending presentation and thinking about how
to best explain this.

"Doing WebSockets with libcurl" will happen on Thursday evening my time, to
work for Europeans and North Americans alike. Stay tuned for how to sign up.

## Games

This week the game "Diablo IV" premiered, and someone quickly pointed out to
me that it credits curl in its ending sequence. Someone else pointed out a
site that actually maintains a list of games and who gets credited, and it
turns out they count me being credited in no less than 136 games! [3]

## Coming up

- The WebSocket webinar happens on Thursday June 15
- The curl feature window closes Saturday June 17

## Links

[1] = https://daniel.haxx.se/blog/2023/06/08/parallel-curl-tests/
[2] = https://curl.se/mail/lib-2023-06/0024.html
[3] = https://daniel.haxx.se/blog/2023/06/09/games-curl-too/
[4] = https://github.com/curl/curl-container
[5] = https://curl.se/libcurl/c/
[6] = https://curl.se/docs/vulnerabilities.html

-- 

  / daniel.haxx.se