View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005193 | GNUnet | build process | public | 2017-12-06 15:26 | 2018-06-07 01:08 |
| Reporter | nikita | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | no change required | ||
| Product Version | 0.11.0pre66 | ||||
| Fixed in Version | 0.11.0pre66 | ||||
| Summary | 0005193: bump up cURL+gnURL requirement to at least 7.57.0 | ||||
| Description | I think with the new release for GNUnet we should bump of cURL + gnURL requirement to 7.57.0 as cURL releases are usually (with just a couple of exceptions) security fix releases. Is it reasonable to assume that most systems are on 7.57.0 by then, or should we assume some earlier version? While I'm no fan of repology, this can be useful: https://repology.org/metapackage/curl/versions Ultimately it's up to the downstream operating systems to keep up to date, and up to us to decide what we want to rely on. What do you think? | ||||
| Tags | No tags attached. | ||||
|
|
Most security fixes of curl don't affect HTTP(S). If they do, it does make sense to bump the requirement. |
|
|
Seems so far no change required, if you notice a security issue that does affect gnurl, please *do* bump the version requirement yourself directly. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-12-06 15:26 | nikita | New Issue | |
| 2017-12-06 15:26 | nikita | Status | new => assigned |
| 2017-12-06 15:26 | nikita | Assigned To | => Christian Grothoff |
| 2018-03-05 00:24 | Christian Grothoff | Note Added: 0012878 | |
| 2018-06-07 01:08 | Christian Grothoff | Status | assigned => closed |
| 2018-06-07 01:08 | Christian Grothoff | Resolution | open => no change required |
| 2018-06-07 01:08 | Christian Grothoff | Fixed in Version | => 0.11.0pre66 |
| 2018-06-07 01:08 | Christian Grothoff | Note Added: 0013007 |
