On Wed, 29 Sep 2021, Olivier Delhomme wrote:
I was speaking of maintaining already released versions with security patches. May be choosing whether to integrate a fix or upgrade to a newer version is a task that belongs to the one that distributes libcurl. Finally there is no need to distinguish between security patch upgrades and feature upgrade because the latter can be done transparently.
Users of libcurl version X can always upgrade to version X+1 with all the features and functionality intact. Version X+1 includes security fixes to all problems reported in version X. By that definition we already "maintain released versions" for way longer than seven years.
But yes, libcurl distributors work their butts off to backport patches into older curl versions so that they can tell their users they're still on version X but with all the known security problems in X fixed.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
