[ITP-adopt] curl 7.15.0
Yaakov S (Cygwin Ports)
Wed Nov 23 19:07:00 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Brian Dessent wrote:
> I would like to adopt these packages and maintain them. The current
> packaged version is somewhat old anyway, and I believe that someone
> mentioned it being vulnerable to a security flaw. Below are packages
> for 7.15.0.
First, thank you for taking on curl.
A few questions:
1) I don't think that we should keep libcurl2 as-is, being that it's
vulnerable. Either we could drop it entirely (and recompile
vorbis-tools against libcurl3 immediately), or rebuild curl-7.11 with
the following patch:
2) curl-7.15 can use c-ares and libidn, both recently proposed by
Gerrit. c-ares was approved, but libidn had some packaging issues.
Maybe you could work with him to get those in the distro, then link
curl-7.15.0 with them as well (either now or for -2).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Cygwin-apps