Post · Gnar 🔥 social

@older@mstdn.social replied · 7 hours ago

@bagder
I think I have asked you about this already, but please consider nuget prefix reservation for "Curl":
https://learn.microsoft.com/en-us/nuget/nuget-org/id-prefix-reservation

ID Prefix Reservation

Package ID Prefix Reservation feature description and author guide.

1

daniel:// stenberg://

@bagder@mastodon.social replied · 5 hours ago

@older why would I spend another second trying to help their security?

1

older

@older@mstdn.social replied · 3 hours ago

@bagder
Valid point.
I also now think it would only make sense if there would exist official curl NuGet package.

Tina H

@tina@mastodon.babb.no replied · 8 hours ago

https://www.nrk.no/bokbrevet/bokbrevet-_65-hvor-blir-det-av-de-minneverdige-karakterene-i-samtidslitteraturen_-1.17797235 - kanskje to grunner, her ... det er norsk, og vi tror på "seriøs litteratur"

Tro meg, ingen kommer nevne Tengel på den DER lista ...

NRK

Bokbrevet #65 Hvor blir det av de minneverdige karakterene i samtidslitteraturen?

Jeg husker nesten ingen hovedpersoner fra norske romaner de siste årene.

TheTomas

@TheTomas@social.toot9.de replied · 2 days ago

@bagder Yeah, this is exactly the way, how Microsoft (and btw. most of Bigtec) understand live governance.

Safigo

@safigo@c.im replied · 2 days ago

@bagder I have a strong feeling you've already written about #Microsoft using outdated #curl version somewhere.

Am I hallucinating?

1

daniel:// stenberg://

@bagder@mastodon.social replied · 2 days ago

@safigo sure, I link to my previous nuget complaint in the post: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/ - but I probably did it more times as well

daniel.haxx.se

The curl nuget story

Recently there has been an interesting debate in the Open Source world where people have objected to being called "Suppliers" as in Supply Chain Security when you are but an Open Source developer offering your code to the world for free and at no cost but also without any warranties. That is not a supplier, … Continue reading The curl nuget story →

Peter Jeschke

@peter@jeschke.dev replied · 2 days ago

@bagder I think this isn't a nuget problem, but just package managers in general? For example, the central maven repository has loads of libraries that ship some ancient curl versions: https://central.sonatype.com/search?q=curl

I would assume the same for every other ecosystem as well

Maven Central

Maven Central: Search

Search and discover Java packages with our advanced search functionality.

Luís Correia

@luisfcorreia@mastodon.social replied · 2 days ago

@bagder I might be thinking the wrong thing but can curl project upload curl packages to the chickencoop so that 'at least' some packages are from known source?

I know that's not your problem to fix, but still...

1

daniel:// stenberg://

@bagder@mastodon.social replied · 2 days ago

@luisfcorreia sure, in theory that could possibly be done. But to me that would feel like giving in to them and accepting this as how it needs to be so I will not participate in that.