curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Idea: voluntary restricting curl (use)

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 14 Jan 2019 09:18:31 +0100 (CET)

On Fri, 11 Jan 2019, Ray Satiro via curl-library wrote:

> I think the developer should not have to worry about problems like that.

I don't think this would be a particular developer worry. The error
message/logging texts should clearly state the reason for why it didn't work
as intended so if users report errors to the applications after having used
*INHIBIT, the application author could just explain that. Or even better: the
user would understand that already based on the error output.

This could be a rather efficient way for users to detect if their favorite
applications are using features/protocols that they shouldn't. Like insecure
protocols or non-verified TLS servers.

> I see a world where everyone starts peppering their scripts to nullify
> CURL_INHIBIT.

I'm not so sure that is the obvious outcome. A future script that sets
CURL_INHIBIT would signal to the world that it is shady and potentially is
using curl in a insecure or unrecommend way...

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2019-01-14