View Issue Details

IDProjectCategoryView StatusLast Update
0005193GNUnetbuild processpublic2018-06-07 01:08
Reporterng0Assigned ToChristian Grothoff 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionno change required 
Product Version0.11.0pre66 
Target VersionFixed in Version0.11.0pre66 
Summary0005193: bump up cURL+gnURL requirement to at least 7.57.0
DescriptionI think with the new release for GNUnet we should bump of cURL + gnURL requirement to 7.57.0 as cURL releases are usually (with just a couple of exceptions) security fix releases.

Is it reasonable to assume that most systems are on 7.57.0 by then, or should we assume some earlier version?
While I'm no fan of repology, this can be useful: https://repology.org/metapackage/curl/versions
Ultimately it's up to the downstream operating systems to keep up to date,
and up to us to decide what we want to rely on.

What do you think?
TagsNo tags attached.

Relationships

related to 0005208 resolvedng0 gnURL moving libgnurl downloads out of Drupal, bumping version in GNUnet 

Activities

Christian Grothoff

2018-03-05 00:24

manager   ~0012878

Most security fixes of curl don't affect HTTP(S). If they do, it does make sense to bump the requirement.

Christian Grothoff

2018-06-07 01:08

manager   ~0013007

Seems so far no change required, if you notice a security issue that does affect gnurl, please *do* bump the version requirement yourself directly.

Issue History

Date Modified Username Field Change
2017-12-06 15:26 ng0 New Issue
2017-12-06 15:26 ng0 Status new => assigned
2017-12-06 15:26 ng0 Assigned To => Christian Grothoff
2017-12-10 12:41 ng0 Relationship added related to 0005208
2018-03-05 00:24 Christian Grothoff Note Added: 0012878
2018-06-07 01:08 Christian Grothoff Status assigned => closed
2018-06-07 01:08 Christian Grothoff Resolution open => no change required
2018-06-07 01:08 Christian Grothoff Fixed in Version => 0.11.0pre66
2018-06-07 01:08 Christian Grothoff Note Added: 0013007