Post · bonfire.cafe

Post

I'm putting together a list of big and small issues that makes us (the curl project) considering switching away from GitHub for security reporting/advisories again:

https://gist.github.com/bagder/ed3268e8745452a53a999d23b7fa1273

*considering* being the operative word, nothing has been decided and I think it's fair to give it some more time first. And some communication to see what can be done, fixed or adjusted.

To be continued.

Thibault

@thibault@mastodon.online replied · 5 days ago

@bagder Only tangentially related, but are you stil mirroring curl to Codeberg ? Any plans for a migration in case Microsoft decides to double-double-double down on AI-everywhere-as-a-feature ?

daniel:// stenberg://

@bagder@mastodon.social replied · 5 days ago

@thibault Yeps, the codeberg mirror is kept in sync: https://codeberg.org/curl/curl-mirror/

Codeberg.org

curl-mirror

A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful f...

drakeerv

@drakeerv@mastodon.social replied · 5 days ago

@bagder @Codeberg is calling lol

Dźwiedziu

@dzwiedziu@mastodon.social replied · 5 days ago

@bagder
I'm at best a “security aware person”, and yet it seems that half of those are valid reasons to be knee-deep in hell^Wmigration plans.

Dan Brown

@danb@fosstodon.org replied · 5 days ago

@bagder Related to this, I really wish for a platform, abstract from code hosting solution, which provides a place for open source projects to manage security reports and CVEs, that's not "gamified" for reporters.

I've been moving away from GitHub, but reporting via the Mitre form is slow and cumbersome. I've been searching for something better but not found anything yet!