On Friday, July 29, 2016 12:57:04 dev_user wrote:
> That is a the ever changing code base.

It is not. If you download the URLs 10 years from now, you will get the
same contents, the one that was prepared and thoroughly tested for the
7.50.0 release of curl. You can replace the curl-7_50_0 tag in those URLs
by the corresponding SHA1 hash (79e63a53bb9598af863b0afe49ad662795faeef4)
if you suspect curl developers from rewriting the tag later on. If the
SHA1 hash is not strong enough for your policy, it will complicate your
job negligibly.

Anyway, this thread is getting pretty off topic I guess...

Kamil

> Consider ISC BIND :
> https://lists.isc.org/pipermail/bind-announce/2016-July/000998.html
>
> Consider Libidn :
> https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
>
> That is a well understood formal release of a version.
>
> So is this for Curl and libCurl :
>
> https://curl.haxx.se/mail/archive-2016-07/0040.html
>
> Therefore the version must match 7.50.0 otherwise it is not to be
> considered a formal "release" along with an announcement on the project
> web site and the usual mail lists. One may say the same for the a whole
> pile of other projects such as GCC, Apache, etc etc.
>
> The released software must be available in some sort of a trivial
> archive format and usually a GPG signature or at least a SHA256 hash
> provided. Thus :
>
> https://curl.haxx.se/download.html
>
> Anything else is not a release of anything. It is a prototype
> or a code change or a patch or a even whimsy thought. However I will
> admit that there are odd balls outthere such as the bash shell. However
> the bash people release actual patch files :
>
> ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-046
>
> Thus it is possible to have a built and tested "release" of the bash
> shell which will have a formal patch rev tag built into it :
>
> dev_$ /usr/local/bin/bash --version
> GNU bash, version 4.3.42(1)-release (sparc-sun-solaris2.10)
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
>
> This is free software; you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Here it is possible to refer to a release version 4.3.42 or perhaps a
> version 4.3.46 regardless of the fact that the last "release" from the
> bash people was 4.3.30 :
>
> http://ftp.gnu.org/gnu/bash/
>
> People can argue this all day but the upshot of release versions is that
> we do actually have a Linux 4.7 kernel released and we have a formal
> and well documented version for curl and libcurl released as well as a
> thousand other software packages. Anything not released is "beta" or
> just a code change unless there is a formal patch release. None of which
> can be released into a testing stack inside a corporation or to some
> server stack which is under close guard and scrutiny to a whole slew of
> auditors and testing departments etc etc.
>
>
> Dennis
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-07-29