> > Tell me what you want or wish we do/add/implement/remove in the curl project
> > this year!

Hello Daniel,

I'm Diogo Sant'Anna — I recently contributed to curl through https://github.com/curl/curl/pull/9928.

One great addition to the project this year could be enhancing the security aspect of curl's release process. Checking https://curl.se/dev/release-procedure.html, it seems the project's release is still managed manually. Have you considered migrating it to an automated release — e.g., through GitHub Actions, Google Cloud Build, or any other hosted build environment? This would protect against human error and potentially building with incorrect dependencies.

There’s also the Open Source Security Foundation’s SLSA framework <https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html>, which can offer progressive steps to harden your release process and build artifacts.

Happy to discuss the benefits of both options, if it's helpful. I'm available to develop or contribute these changes if you’re interested.

Alternatively, given the importance of curl to the open source ecosystem, I believe the improvements would be eligible for financial rewards through the Linux Foundation’s Secure Open Source Rewards program <http://sos.dev>, if the project prefers to take the lead. I'd also be available to support if help is needed.

Best!

• *Diogo Teles Sant Anna (he/him)*
• Software Engineer (SWE) | SAO-OSC
• Google Open Source Security Team (GOSST)
• [email protected] | +55 (19) 98215-8522
