Fedora Looks To Lighten Its Default Curl Packages
Originally posted by uxmkt
Probably not from an interactive command-line, but as a library, that would be quite nice. libcurl is much more prevalent than libssh or libssh2; too bad openssh does not have a library - it would be sooo universal. Furthermore, rsync, my preferred mode of transfer, does not have a ready library either.
- Likes 1
-
Libcurl has been the tool of choice for adding SSO with MS AD to php apps via its NTLM support, at least up to the point where MS went all ADFS. It is also used for making authenticated http calls to IIS servers.
I imagine that there are quite a few of those setups still out there, so I would not be so quick in dropping NTLM support - albeit I also imagine that most php apps are running on more "server-focused" distributions than Fedora or, in any case, should be able to cope with having the "full" version of curl installed.
-
I'd enable SFTP in libcurl-minimal now that "drop HTTPS because not enough people use it" is no longer an option for "people need an FTP-like but FTP's design is too archaic" but, otherwise, makes sense.
To be honest, I'm surprised that it still takes so much googling to find a way to run a WebDAV server without going full Apache, given that every OS seems to build a client into its file manager now.
-
Originally posted by WizardGed
This will be a pain, curl is like a Swiss army knife when dealing with networking/application issues especially in containers and curl is one of the few things I can expect in a container. I'm sure there are security benefits but for those that rely on containers from RedHat for base images that they do not modify, this will get annoyingly painful fast.
-
Originally posted by AHSauge
When would you be using any of the non-default protocols in curl and not be in a position to build custom containers?
Originally posted by AHSauge
In any case, and maybe I'm just too used to having easy access to self-hosting custom containers here, but making your own containers isn't exactly that hard. Within the company I work at, we barely have a single CI/CD process that can run on a standard container. Quite quickly, additional dependencies are needed
Little bit sidetracked on all this; curl is just really useful to deal with all the business interactions in a wildfly application or supporting applications, all within the pod you're having an issue with.
- Likes 1
-
Originally posted by WizardGed
Quite often in production. Self-built containers may be a thing in testing and development, but in general using an unmodified base container image is recommended by Redhat, as they can guarantee security of the base image, and CVE tracking and remediation is incredibly simple. You also run into the inevitable issue of "who made what changes where?" and the inevitable pain involved in trying to maintain "The golden image" that you maintain and is really more like the spray painted gold garbage that has way too many customizations and way too high an attack surface. Also, on a more practical note, it is significantly easier to answer the question of "how do we remediate and test our images for X, Y or Z vulnerability" if Redhat is already maintaining and patching new images for you and you just need to stay up to date.
Like I said before, it's not so much that it's hard, it's just that it's undesirable. It puts the accountability directly on your head for all vulnerabilities and application interactions vs the upstream container image vendor. Usually most of the dependencies we require have maintained Redhat images we can use and be sure are updated for the entire business.
Little bit sidetracked on all this; curl is just really useful to deal with all the business interactions in a wildfly application or supporting applications, all within the pod you're having an issue with.
All you need to get the old behavior is
FROM fedora:whatever
RUN dnf install -y curl-full
That's it! There is absolutely nothing "undesirable" about this. I'm not sure how installing another package provided by the OS makes you responsible for OS-wide security vulnerabilities; it's not like you are building the image from scratch.
- Likes 2
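An added example, not part of any post in this thread: a build-time or CI check that reports which protocols and features (such as the SFTP and NTLM support discussed above) are absent from the curl in an image, by parsing the `Protocols:` and `Features:` lines of `curl --version`. The function name `curl_missing` and both sample outputs are constructed for illustration; they are not real output from a Fedora package.

```shell
#!/bin/sh
# curl_missing NAME...  (hypothetical helper)
# Reads `curl --version` text on stdin and prints the requested protocol or
# feature names that the build does not list. Returns 0 only if none are missing.
curl_missing() {
    # One lowercase token per line from the Protocols: and Features: lines.
    have=$(awk '/^(Protocols|Features):/ { for (i = 2; i <= NF; i++) print tolower($i) }')
    missing=""
    for want in "$@"; do
        w=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
        # -x: whole-line match, so "ftps" never satisfies a check for "sftp".
        if ! printf '%s\n' "$have" | grep -qxF -- "$w"; then
            missing="${missing:+$missing }$want"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample inputs (assumed shapes, not captured from a real system).
SAMPLE_MINIMAL='curl 0.0.0 (constructed sample)
Protocols: file ftp ftps http https
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile SSL UnixSockets libz'

SAMPLE_FULL='curl 0.0.0 (constructed sample)
Protocols: dict file ftp ftps http https imap ldap scp sftp smtp
Features: AsynchDNS GSS-API HTTP2 IPv6 Kerberos Largefile NTLM SSL libz'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_MINIMAL" | curl_missing sftp NTLM https \
    || echo "constructed minimal sample lacks the names printed above"
printf '%s\n' "$SAMPLE_FULL" | curl_missing sftp NTLM https \
    && echo "constructed full sample has everything requested"
```

In an image build, pipe the real tool into it, for example `curl --version | curl_missing sftp NTLM`, and fail the build on a non-zero status.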
-
Originally posted by partcyborg
What are you talking about?
All you need to get the old behavior is
FROM fedora:whatever
RUN dnf install -y curl-full
That's it! There is absolutely nothing "undesirable" about this. I'm not sure how installing another package provided by the OS makes you responsible for OS-wide security vulnerabilities; it's not like you are building the image from scratch.
-
Originally posted by WizardGed
If you have to deal with banking or really any high-level compliance, it isn't that simple.
- Likes 2