On Sunday, October 17, 2021 2:40:05 PM CEST Steven Grubb wrote:
On Sat, Oct 16, 2021 at 10:08 PM Kevin Kofler via devel <
devel(a)lists.fedoraproject.org> wrote:
> Steve Grubb wrote:
> > I'd like to suggest making libcurl-minimal very minimal for security
> > reasons. The main curl package has many security issues (CVE's)
> > constantly. But usually, the problem is in some obscure
> > feature/protocol.
> > Looking at the packages that depend on libcurl with rpmreaper, most would
> > use http(s). There might be some that use another protocol. But clear text
> > protocols like telnet and ftp really don't have a use in today's internet.
> > Too many threats for clear text.
>
> I suspect that disabling FTP in libcurl is going to break a lot of stuff.
I'd be curious, what package uses curl for its FTP support?

-Steve

For example dracut, dnf, and rpm seem to use FTP:
https://git.kernel.org/pub/scm/boot/dracut/dracut.git/tree/modules.d/45ur...
https://github.com/rpm-software-management/dnf/blob/f85cf313/dnf/repo.py#...
https://github.com/rpm-software-management/rpm/blob/rpm-4.14.0-release/rp...
Kamil