Fedora Looks To Lighten Its Default Curl Packages

Written by Michael Larabel in Fedora on 22 February 2022 at 02:18 PM EST. 22 Comments
While curl and the cURL library are most commonly used for HTTP(S) and FTP usage, this widely-used software also supports a plethora of other network protocols. In order to save disk space by default and also exposing its cURL packages to less security bugs by default, Fedora is looking at shipping "minimal" versions by default of its cURL packages.

A change proposal has been submitted for Fedora 37 that would use libcurl-minimal and curl-minimal packages by default. The "minimal" cURL packages only expose HTTP / HTTPS / FTP support while those needing other network protocol support could install libcurl-full and curl-full for the entire suite of support.


The cURL packages disable a wide range of obsolete or rarely used protocols like DICT, GOPHER, IMAP, LDAP, LDAPS, MQTT, NTLM, POP3, RTSP, SMB, SMTP, SFTP, SCP, TELNET, TFTP, brotli compression, and IDN2 names. The emphasis with minimal cURL is to save disk space and reduce the security risk for all the rarely-used/deprecated protocols that are sometimes home to security bugs.

More details on this planned change for Fedora 37 later in the year can be found via the Fedora Wiki.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week