[Daniel's week] May 12, 2023

Daniel Stenberg daniel at haxx.se
Fri May 12 23:36:59 CEST 2023

Hi friends.

Another week passed!

# May 12

## Cleaning advisories

Already last week I mentioned my adventures with providing all currently
published curl security advisories [1] in JSON format [2]. I continued this
week and expanded on the JSON format to provide more details: like better
credits, award amount, the CWE number in a better format and scheme version.

I then wrote up a script to verify that the same info is written inside the
CVE documents as we have in the "vuln.pm" list - which of course proved that
there were a few mistakes done in a few places.

I also made the "CVE checker" script verify that all advisories use the same
subtitles in the same order spelled the same way to make them all consistent -
and yes that resulted in quite a lot of corrections as well.

Once that was done, I added a spellcheck CI job for the website that now
checks all markdown files in the WWW repository for every commit/PR. The
largest volume of such documents is of course the security vulnerability
collection and this exercise highlighted a whole range of typos that I could

A serious spring cleaning!

## release work

I sent off pre-notification to the distros list on Tuesday, as I believe I
have permission/exception to do this after last week's discussion that never
really took off and the only reply was in agreement. There are four pending
curl security advisories: one at level Medium and three at level Low.

The pending release happens on Wednesday. Now I just need to make sure to get
all the necessary documentation, presentation and blog post prepared.

## Myconf

I was invited to speak at the myconf conference [3] in Karlskrona in southern
Sweden. I try to stick to going by train for travels within Sweden (as opposed
to flying) so I traveled the five hours down on Wednesday afternoon and back
home again mid-day Friday. While in Karlskrona, I met a lot of nice people and
was greeted and taken care of by the most awesome hosts. I managed to cram in
a speakers dinner, a full day of conference, a talk of mine, handing out a
crazy amount of curl stickers, participating in a seemingly never-ending
stream of questions and discussions about curl and open source and topped it
off with a boat trip in the archipelago and an elegant dinner. What an awesome
way to "break off the routines".

I'm happy to say that I got a lot of love and positive feedback for my

## Coming up

- curl 8.1.0 release on Wednesday, with release blog post and release
   live-streamed video presentation

## Links

[1] = https://curl.se/docs/security.html
[2] = https://curl.se/docs/vuln.json
[3] = https://myconf.io/


  / daniel.haxx.se

More information about the daniel mailing list