[Daniel's week] May 12, 2023
Daniel Stenberg
daniel at haxx.se
Fri May 12 23:36:59 CEST 2023
Hi friends.
Another week passed!
# May 12
## Cleaning advisories
Already last week I mentioned my adventures with providing all currently
published curl security advisories [1] in JSON format [2]. I continued this
week and expanded on the JSON format to provide more details: like better
credits, award amount, the CWE number in a better format and scheme version.

I then wrote up a script to verify that the same info is written inside the
CVE documents as we have in the "vuln.pm" list - which of course proved that
there were a few mistakes made in a few places.

I also made the "CVE checker" script verify that all advisories use the same
subtitles in the same order spelled the same way to make them all consistent -
and yes that resulted in quite a lot of corrections as well.

Once that was done, I added a spellcheck CI job for the website that now
checks all markdown files in the WWW repository for every commit/PR. The
largest volume of such documents is of course the security vulnerability
collection and this exercise highlighted a whole range of typos that I could
correct.

A serious spring cleaning!
## Release work
I sent off pre-notification to the distros list on Tuesday, as I believe I
have permission/exception to do this after last week's discussion that never
really took off and the only reply was in agreement. There are four pending
curl security advisories: one at level Medium and three at level Low.

The pending release happens on Wednesday. Now I just need to make sure to get
all the necessary documentation, presentation and blog post prepared.
## Myconf
I was invited to speak at the myconf conference [3] in Karlskrona in southern
Sweden. I try to stick to going by train for travels within Sweden (as opposed
to flying) so I traveled the five hours down on Wednesday afternoon and back
home again mid-day Friday. While in Karlskrona, I met a lot of nice people and
was greeted and taken care of by the most awesome hosts. I managed to cram in
a speakers' dinner, a full day of conference, a talk of mine, handing out a
crazy amount of curl stickers, participating in a seemingly never-ending
stream of questions and discussions about curl and open source and topped it
off with a boat trip in the archipelago and an elegant dinner. What an awesome
way to "break off the routines".

I'm happy to say that I got a lot of love and positive feedback for my
presentation.
## Coming up
- curl 8.1.0 release on Wednesday, with release blog post and release
live-streamed video presentation
## Links
[1] = https://curl.se/docs/security.html
[2] = https://curl.se/docs/vuln.json
[3] = https://myconf.io/
--
/ daniel.haxx.se