View Issue Details

IDProjectCategoryView StatusLast Update
0005193GNUnetbuild processpublic2018-06-07 01:08
Reporternikita Assigned ToChristian Grothoff  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionno change required 
Product Version0.11.0pre66 
Fixed in Version0.11.0pre66 
Summary0005193: bump up cURL+gnURL requirement to at least 7.57.0
DescriptionI think with the new release for GNUnet we should bump of cURL + gnURL requirement to 7.57.0 as cURL releases are usually (with just a couple of exceptions) security fix releases.

Is it reasonable to assume that most systems are on 7.57.0 by then, or should we assume some earlier version?
While I'm no fan of repology, this can be useful:
Ultimately it's up to the downstream operating systems to keep up to date,
and up to us to decide what we want to rely on.

What do you think?
TagsNo tags attached.


Christian Grothoff

2018-03-05 00:24

manager   ~0012878

Most security fixes of curl don't affect HTTP(S). If they do, it does make sense to bump the requirement.

Christian Grothoff

2018-06-07 01:08

manager   ~0013007

Seems so far no change required, if you notice a security issue that does affect gnurl, please *do* bump the version requirement yourself directly.

Issue History

Date Modified Username Field Change
2017-12-06 15:26 nikita New Issue
2017-12-06 15:26 nikita Status new => assigned
2017-12-06 15:26 nikita Assigned To => Christian Grothoff
2018-03-05 00:24 Christian Grothoff Note Added: 0012878
2018-06-07 01:08 Christian Grothoff Status assigned => closed
2018-06-07 01:08 Christian Grothoff Resolution open => no change required
2018-06-07 01:08 Christian Grothoff Fixed in Version => 0.11.0pre66
2018-06-07 01:08 Christian Grothoff Note Added: 0013007