[Daniel's week] March 24, 2023
daniel at haxx.se
Fri Mar 24 16:54:43 CET 2023
Another fully packed week.
## curl 8.0.0
The joy of doing a release  was brief this time as a serious bug was
reported within hours and I subsequently worked on and made a second release
already that same day : twice the fun with two releases on curl's 25th
The upside is that we figured out why and how we missed the flaw and we have
taken precautions to make sure we don't repeat this mistake.
Bumping the major number for the first time since libcurl was born seems to
have been received fairly well. The largest flaw we found in our own
infrastructure is probably the detail that made the website not highlight and
count 8.0.1 as the latest release but maintained that 7.88.1 must be the
latest version number. All due to bad version math in two scripts that simply
never showed for as long as we stuck on version 7.
## Tweaked release cycle management
As a direct consequence of the curl 8.0.0 mishap, but not because of that
mistake alone, we have adjusted the curl release cycle setup somewhat:
starting now, we will have a longer "cool down" period after releases, before
we open the feature window . This is meant for detecting regressions and
perhaps doing follow-up patch releases in case of need. We have also agreed to
lower the requirements for doing such patch releases in case of reported
The goal being to more quickly ship corrections of regressions and get back to
a "solid" release (state).
## 25 years celebrations
I participated in a "curl 25 years" podcast episode  released just the day
before and on the birthday itself we ran a Zoom/live-stream online celebration
. More than 700 individuals checked it at some point during the 4 hour
session and I had a great time. I did a presentation about curl over the years
 and we discussed and chatted about a lot of various curl related topics.
I topped that off by sipping on my 25 year old single malt all through the
meeting... It was a great tasting drink indeed and a totally awesome evening.
This week alone I live-streamed the release presentation , the birthday
celebrations, the roadmap webinar  and a 2+ hours curl development session
 on this Friday. 11 hours of curl streaming in a single week. That last
stream alone got more than 800 unique watchers. There is clearly interest so I
will try to continue doing them at some semi regular interval.
## c-ares code audit
OSTIF is again driving a code audit. This time for the c-ares project  in
which I am a (dormant) maintainer so I'm mostly following along as this
happens. The audit itself is done by x41  and Brad House is the current
c-ares maintainer that does all the heavy lifting when such is needed. We had
a kick-off meeting for this project this week.
## roadmap webinar
I did a (short) webinar on Thursday: the curl roadmap 2023 . As an
experiment mostly, I did it dual-hosted, so people could participate on Zoom
or watch the live-stream on Twitch. Turned out there was almost 10x factor
more people on Twitch. This made me decide that I will do more of my coming
curl related webinars this style.
## GitHub vulnerability database
I had a productive meeting with a GitHub vulnerability database representative
talking about the challenges we have experienced from a curl perspective. With
vulnerabilities and CVE reporting etc. There is no clear immediate solution on
the table but there is certainly a hope for improvements coming soon that
should make improve things. More about that later if or when they truly
## Coming up
- curl feature window opens Wednesday
- curl development live-stream on Tuesday
 = https://daniel.haxx.se/blog/2023/03/20/curl-8-0-0-is-here/
 = https://curl.se/mail/lib-2023-03/0045.html
 = https://github.com/curl/curl/pull/10827
 = https://pod.fossified.com/2023/03/19/s01e02.html
 = https://daniel.haxx.se/blog/2023/03/10/curl-25-years-online-celebration/
 = https://youtu.be/1aWpQ_t2qUw
 = https://youtu.be/LToOQEMcKoo
 = https://youtu.be/QwzauldblLc
 = https://youtu.be/8cmcdBy3UGI
 = https://c-ares.org/
 = https://x41-dsec.de/
More information about the daniel