daniel:// stenberg://Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
The curl nuget story
Recently there has been an interesting debate in the Open Source world where people have objected to being called "Suppliers" as in Supply Chain Security when you are but an Open Source developer offering your code to the world for free and at no cost but also without any warranties. That is not a supplier, … Continue reading The curl nuget story →
.vad//hakara🧭