-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brian Dessent wrote: > I would like to adopt these packages and maintain them. The current > packaged version is somewhat old anyway, and I believe that someone > mentioned it being vulnerable to a security flaw. Below are packages > for 7.15.0.
First, thank you for taking on curl. A few questions: 1) I don't think that we should keep libcurl2 as-is, being that it's vulnerable. Either we could drop it entirely (and recompile vorbis-tools against libcurl3 immediately), or rebuild curl-7.11 with the following patch: http://curl.haxx.se/libcurl-ntlmbuf.patch 2) curl-7.15 can use c-ares and libidn, both recently proposed by Gerrit. c-ares was approved, but libidn had some packaging issues. Maybe you could work with him to get those in the distro, then link curl-7.15.0 with them as well (either now or for -2). Yaakov -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDhL3OpiWmPGlmQSMRAosrAKDAHQ9ldfW/N2YZXg3Fk/IZzfyyUwCfXhW+ uIrEEuZEr5AvuGArVPEeC+8= =ZUpH -----END PGP SIGNATURE-----
