Notices by daniel:// stenberg:// (bagder@mastodon.social)

Happy birthday #git, 20 years old today

(since the initial release)

Writing C for #curl

https://daniel.haxx.se/blog/2025/04/07/writing-c-for-curl/

Remember, if you just take this day as a weekend, your #curl rewrite could be finished

(from the collection at https://daniel.haxx.se/blog/2021/05/20/i-could-rewrite-curl/)

It's been six years now since #curl dropped support for HTTP/1 pipelining.

https://daniel.haxx.se/blog/2019/04/06/curl-says-bye-bye-to-pipelining/

I have never regretted it.

Joint Letter on Swedish Data Storage and Access to Electronic Information Legislation

Accepting signatures of the letter until 13.00 UTC on Monday, 7 April 2025

https://docs.google.com/document/d/1eA7kCixXTIWimLIiUBBqAcAcvo6me4ywtNPyzGbwn6E/edit?tab=t.0

I signed

The eight words that make an open source maintainer all warm inside.

"I can fix this one if you like."

Yesterday I requested a person to pay for support as they desperately asked me for immediate help with their #libcurl problem (for a huge international company doing an expensive commercial device), seemingly in a hurry.

To which the user said no thanks, closed the issue and vanished.

The open source life.

each build round takes about 10-12 seconds.

I found (and fixed) multiple problems with this approach earlier this afternoon but now it has been running for several hours without hitting any problems at all. Boring.

brute-force testing random #curl build option combinations non-stop like a boss

@kaia they stilled helped out and took us forward. And they might still have "traces" left in other areas of the git repo. Every contributor is awesome!

amusing stat: in #curl 8.13.0 we have "surviving" code lines from 622 authors. (who has at least one production code line with their name in git blame)

That's 11 *fewer* than in the previous release.

In fact, we peaked at 636 unique authors in version 8.10.1 and it has gone down since.

No, I don't have any conclusion to make based on this. It's just variations over time.

@joshbressers @gregkh @TheNewStack @sjvn agreed.

We are proposing OSS projects to be able opt out of getting CVE records "improved" by CVSS.

We are also discussing how smaller OSS projects could get an existing CNA to deal with their CVEs (their scope really), as if they were a CNA.

This within the "OSS CNA group" that has been started featuring curl, kernel, perl, and lots of linux distros ppl etc.

Remember the #curl distro meeting 2025 next week! https://github.com/curl/curl/wiki/curl-distro-discussion-2025

To make #curl better in distros. To make distros ship better #curl. To make everyone happier and the world a little nicer.

I had not considered removing dotdot-sequences from URLs when the dots are URL encoded! There is always another level of "fun" with URLs.

https://github.com/curl/curl/pull/16870

During 27 years of shipping curl, we have *never* before fixed bugs at a higher rate than we have done these last seven weeks.

That's what having @icing and @vsz in your project can do.

We have at least 290(!) logged bugfixes queued up for the #curl release coming in four days. That's more than 6 bugs squashed per day on average during this release cycle.

Just imagine how many bugs we must be adding! 😉

What do you think are the primary challenges for Open Source the coming years?

Security? CRA? Financing? Maintainer burnout? Recruiting young developers? Adapting to a country-former-ally going nuts? AI slop? AI bot overload? Something else?

(I'd like some more food for thoughts for an upcoming talk)

You can help #curl by testing this final release candidate, rc3, before the real release happens next week:

https://curl.se/rc/

Remember that there is no single or homogeneous "Open Source community". It is an enormously huge, loosely coupled bunch of humans, each with their own goals, ideas and expectations. The few foundations we have don't cover more than just a small fraction of the Open Source done in the world made by millions of humans and some companies.

Don't expect the foundations to necessarily be on your side or view OSS like you do.

@skaverat three years ago we were at less than 20GB/month, but there is no clear cut-off date nor do I know exactly what amount of this traffic that is AI bots and not