daniel:// stenberg://Apr 24, 2023

Do NOT. I repeat. Do NOT remove curl.exe from your Windows System32 folder to silence a (stupid) security scanner. It will lead to tears and sorrows.

And if you do, please don't ask *me* for help when you've broken your Windows install. I can't fix that.

Show threaddaniel:// stenberg://Apr 24, 2023

Why do people remove it? Because NVD has exaggerated a curl security flaw to an inflated level, and now "security scanners" insist that the bundled curl executable has a "high severity" security flaw and scaremongers people into removing it.

And then they realize Windows update refuses to work.

Are we sure this is the best we can do?

Show threadSeán Fenian
@bagder curl is overused, I think. It's the "When all you have is a hammer..." problem.

A little off-subject, I know...

The Vyatta-based OS on my firewall/router uses curl for all remote operations. Including, for example, uploading configuration backups to a separate host. It performs that commit-archive operation as an scp copy, for which it mystifyingly uses curl. The only possible reason I can conceive to use curl to do scp instead of, like, you know, using scp to do scp, is because it's an easy Swiss-army-knife one-size-fits-all tool that they can use for a dozen supported protocols.

The problem is, they're not all WELL supported. My archive commits were broken for months while I tried, and tried, and tried, fix after fix after fix to make the scp operation using curl work correctly. NONE of them worked. As far as I can tell, most of the people on the relevant forums trying to fix that problem have never succeeded either.

Finally I just patched the relevant script and changed the offending line of code to use scp to perform scp transfers. (Radical, huh?) And just like that, It Just Worked.

Sometimes, the easy Does Everything tool is NOT the right tool for the job. Because they quite seldom do everything well.
Apr 24, 2023 at 6:05pmWeb