Don’t trust, verify

Software and digital security should rely on verification, rather than trust. I want to strongly encourage more users and consumers of software to verify curl. And ideally require that you could do at least this level of verification of other software components in your dependency chains.

Attacks are omnipresent

With every source code commit and …

daniel.haxx.se

@bagder I love this message. Open source was never about trust and will never be about trust

It’s always been about the ability to verify

@joshbressers yeps. When we do too much trusting and too little verifying, we open up for badness to strike.

@bagder I talked to @Foxboron about this a bit at KubeCon a few days ago

The Linux distros figured a lot of this stuff out, then everyone decided they were dumb and slow :)

And now we have <gestures at everything>