cURL, the command line tool and library that counts at least 20 billion installs by way of the libcurl package, is taking the summer off.
On Monday, creator Daniel Stenberg announced the "cURL summer of bliss", during which the project will not accept any security reports.
Between July 1 and August 3, the project's HackerOne page will not accept submissions, and its security email address will "also be a dead end", Stenberg said in a blog post.
Pull requests will remain open, but the project "will not process or otherwise care about security or vulnerability reports sent to us" during that time, he said.
"Whatever issue you find that you feel a need to report to the curl project during this month has to wait."
cURL is three decades old, and an April vulnerability scan by Mythos identified only one flaw. It has never suffered a serious security meltdown. Statistically, it seems unlikely that it will face an emergency during the summer break.
But if it does?
Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。