[Daniel's week] March 24, 2023

Daniel Stenberg daniel at haxx.se
Fri Mar 24 16:54:43 CET 2023


Hi friends.

Another fully packed week.

## curl 8.0.0

The joy of doing a release [1] was brief this time as a serious bug was 
reported within hours and I subsequently worked on and made a second release 
already that same day [2]: twice the fun with two releases on curl's 25th 
birthday!

The upside is that we figured out why and how we missed the flaw and we have 
taken precautions to make sure we don't repeat this mistake.

Bumping the major number for the first time since libcurl was born seems to 
have been received fairly well. The largest flaw we found in our own 
infrastructure is probably the detail that made the website not highlight and 
count 8.0.1 as the latest release but maintained that 7.88.1 must be the 
latest version number. All due to bad version math in two scripts that simply 
never showed for as long as we stuck on version 7.

## Tweaked release cycle management

As a direct consequence of the curl 8.0.0 mishap, but not because of that 
mistake alone, we have adjusted the curl release cycle setup somewhat: 
starting now, we will have a longer "cool down" period after releases, before 
we open the feature window [3]. This is meant for detecting regressions and 
perhaps doing follow-up patch releases in case of need. We have also agreed to 
lower the requirements for doing such patch releases in case of reported 
regressions.

The goal being to more quickly ship corrections of regressions and get back to 
a "solid" release (state).

## 25 years celebrations

I participated in a "curl 25 years" podcast episode [4] released just the day 
before and on the birthday itself we ran a Zoom/live-stream online celebration 
[5]. More than 700 individuals checked it at some point during the 4 hour 
session and I had a great time. I did a presentation about curl over the years 
[6] and we discussed and chatted about a lot of various curl related topics.

I topped that off by sipping on my 25 year old single malt all through the 
meeting... It was a great tasting drink indeed and a totally awesome evening.

## Live-streams

This week alone I live-streamed the release presentation [7], the birthday 
celebrations, the roadmap webinar [8] and a 2+ hours curl development session 
[9] on this Friday. 11 hours of curl streaming in a single week. That last 
stream alone got more than 800 unique watchers. There is clearly interest so I 
will try to continue doing them at some semi regular interval.

## c-ares code audit

OSTIF is again driving a code audit. This time for the c-ares project [10] in 
which I am a (dormant) maintainer so I'm mostly following along as this 
happens. The audit itself is done by x41 [11] and Brad House is the current 
c-ares maintainer that does all the heavy lifting when such is needed. We had 
a kick-off meeting for this project this week.

## roadmap webinar

I did a (short) webinar on Thursday: the curl roadmap 2023 [8]. As an
experiment mostly, I did it dual-hosted, so people could participate on Zoom
or watch the live-stream on Twitch. Turned out there was almost 10x factor
more people on Twitch. This made me decide that I will do more of my coming
curl related webinars this style.

## GitHub vulnerability database

I had a productive meeting with a GitHub vulnerability database representative
talking about the challenges we have experienced from a curl perspective. With
vulnerabilities and CVE reporting etc. There is no clear immediate solution on
the table but there is certainly a hope for improvements coming soon that
should make improve things. More about that later if or when they truly
happen.

## Coming up

- curl feature window opens Wednesday
- curl development live-stream on Tuesday

## Links

[1] = https://daniel.haxx.se/blog/2023/03/20/curl-8-0-0-is-here/
[2] = https://curl.se/mail/lib-2023-03/0045.html
[3] = https://github.com/curl/curl/pull/10827
[4] = https://pod.fossified.com/2023/03/19/s01e02.html
[5] = https://daniel.haxx.se/blog/2023/03/10/curl-25-years-online-celebration/
[6] = https://youtu.be/1aWpQ_t2qUw
[7] = https://youtu.be/LToOQEMcKoo
[8] = https://youtu.be/QwzauldblLc
[9] = https://youtu.be/8cmcdBy3UGI
[10] = https://c-ares.org/
[11] = https://x41-dsec.de/


-- 

  / daniel.haxx.se


More information about the daniel mailing list