Hi team,

The other day a user submitted an issue that made it obvious to me that they had accidentally and unintionally built a debug-enabled libcurl and might have used that in production unless I had told them about and talked them out of it.

A debug-enabled libcurl has debug and test code conditionally built in that makes it unsuitable and unwise to ship and use in production. Some of that test code can be made to act funny or even wrongly, most often controlled by simple environment variables.

I was thinking of what we can do to make this less likely to happen without users being aware of exactly what is going on. Perhaps outputting a little warning at the top of the -V/--version output would help?

Like this:

$ curl -V
WARNING: this libcurl is Debug-enabled, do not use in production

curl 7.87.1-DEV (x86_64-pc-linux-gnu) libcurl/7.87.1-DEV OpenSSL/3.0.7 zlib/1.2.13 brotli/1.0.9 zstd/1.5.2 c-ares/1.18.1 libidn2/2.3.3 libpsl/0.21.0 (+libidn2/2.3.0) nghttp2/1.50.0-DEV ngtcp2/0.13.0-DEV nghttp3/0.9.0-DEV librtmp/2.3 libgsasl/2.2.0
Release-Date: [unreleased]
...

This warning exists as a pull-request: https://github.com/curl/curl/pull/10278

Feel free to comment here or in the PR.

--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Reply via email to