[faitswulff]

And a credit to the author of cURL as well:

> We’d like to thank Daniel for his willingness to be a leader on this issue. It’s not easy to make such significant changes to how wildly successful software is built, but we’ve come up with a great plan and together we’re going to make one of the most critical pieces of networking software in the world significantly more secure. We think this project can serve as a template for how we might secure more critical software, and we’re excited to learn along the way.

[brundolf]

> one of the most critical pieces of networking software in the world

cURL is widely available and widely used, obviously, but I'm surprised to see it described this way. I've always seen it mainly as a way for people and scripts to conveniently try out endpoints and download files. But this makes it sound like more than that; does it get widely used in an infrastructural capacity?

[steveklabnik]

A "fun" insight here: https://daniel.haxx.se/blog/2016/11/14/i-have-toyota-corola/

[woodrowbarlow]

the binary `curl` is just a CLI frontend for `libcurl`. curl can do a lot more than HTTP. it can transfer data over 20-odd different protocols, including real-time streaming media. it's huge in embedded software.

[brundolf]

Oh I see, I didn't realize its core was exposed as a library. That makes more sense!

[gspr]

Once you go looking, you'll find libcurl everywhere. I wouldn't be surprised if your grandma interacts with libcurl multiple times per day without knowing.

[wool_gather]

libcurl (as opposed to the CLI) is extremely widely used according to the author (https://stackoverflow.com/a/55885729):

> At an estimated six billion installations world wide, we can safely say that curl is the most widely used internet transfer library in the world. [...] curl runs in billions of mobile phones, a billion Windows 10 installations, in a half a billion games and several hundred million TVs - and more.

[Tankenstein]

I remember from very old PHP days that the default http client everyone reached for in PHP land was curl: https://www.php.net/manual/en/book.curl.php . I don't doubt that this is the case for many other older languages as well. This means, in turn, that there are large swathes of the internet communicating with one another via methods like this.

[kevincox]

I'd bet there are easily 10s of thousands of "critical" scripts that rely on curl.

[computerphage]

If you put curl in a script that runs on every new machine in your infrastructure, I'd say that's pretty widely used.