On Thu, 24 Oct 2019, Rainer Canavan via curl-library wrote:
Question to devs: should HTTP/2 be disabled on buggy versions of
libnghttp2? I guess it can be done in runtime, since curl already gets
libnghttp2 version info.
I'd say no.
I'm with Rainer on this one.
I think it's important to note that this bug was always there in nghttp2 up
until the fix in 1.32.1 and it didn't hurt anyone for a very long time. This
is just a case of a rarely occuring bug fixed in a third party dependency.
At any given point in time, there are bound to be many such in one or more of
the *30* different third party dependencies curl can be built to use. It just
cannot be our job to dictate for users what specific versions of third party
dependencies that are okay to use.
Everyone who builds and ships curl can of course on their own choice opt to
disable functionality based on the state of the particular third party
libraries and their versions.
--
/ daniel.haxx.se | Get the best commercial curl support there is - from me
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
