daniel:// stenberg://

🛡️ bagder_at_mastodon.social@momostr.pink

npub1cm0d...enqe

I write curl. I don't know anything. website: https://daniel.haxx.se/ github: https://github.com/bagder

I'm putting together a list of big and small issues that makes us (the curl project) considering switching away from GitHub for security reporting/advisories again:

Gist

GitHub Security Advisory wishlist from the curl project

GitHub Security Advisory wishlist from the curl project - GSA-wishlist.md

*considering* being the operative word, nothing has been decided and I think it's fair to give it some more time first. And some communication to see what can be done, fixed or adjusted. To be continued.

daniel:// stenberg:// 2 days ago

New financial contributor to #curl: Open Broadcaster Software ($10,000.00)

daniel:// stenberg:// 3 days ago

Early anecdotal data: turning off the bug-bounty may not make much difference... 😱

daniel:// stenberg:// 3 days ago

the public consultation on "European Open Digital Ecosystems" apparently received 1,658 submissions. One of the biggest public consultations ever apparently. Well done fellow Open Sourcers!

daniel:// stenberg:// 3 days ago

Switching away from Hackerone is not a guarantee... Here we go.

daniel:// stenberg:// 3 days ago

if you search for my name among that huge pile of documents that now show how everyone wanted to hang out with him, you get several hits. Several PDFs that contain the curl license, for various software products it seems. I assume this is exactly how I easily get into trouble. Like sometimes when trying to travel... 😕

daniel:// stenberg:// 3 days ago

I hope I'm not the only one who think that a solid test suite for your project has proven more important than ever. That's the wall crappy AI-generated PRs can't climb over.