Three years ago I blogged about #nuget serving outdated #curl packages.

They then removed the packages I found.

I checked nuget again *today* and immediately found a nine-year-old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.

The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/

The curl nuget story

Recently there has been an interesting debate in the Open Source world where people have objected to being called "Suppliers" as in Supply Chain Security when you are but an Open Source developer offering your code to the world for free and at no cost but also without any warranties. That is not a supplier, …

"Microsoft is no longer accepting new submissions through [email protected]. Please use the Microsoft Researcher Portal"...

😠

@bagder

Didn't they fire everyone in the team that was handling the submissions through that email address a few years ago?