Steve Grubb wrote:
I'd like to suggest making libcurl-minimal very minimal for
security
reasons. The main curl package has many security issues (CVE's)
constantly. But usually, the problem is in some obscure feature/protocol.
Looking at the packages that depend on libcurl with rpmreaper, most would
use http(s). There might be some that use another protocol. But clear text
protocols like telnet and ftp really don't have a use in today's internet.
Too many threats for clear text.
I suspect that disabling FTP in libcurl is going to break a lot of stuff.
Kevin Kofler