On Monday, 9 May 2016 at 08:55:36 UTC, Jonathan M Davis wrote:
But given that std.net.curl handles stuff like SSL/TLS, we _can't_ actually replace all of its functionality - at least not without adding a dependency on a different C library, since there's no way that it's sane to do the crypto stuff ourselves without a crypto expert, and even then, we should think twice about it. I could see implementing the SSL/TLS protocols themselves but not the crypto they use. If we replace std.net.curl, we likely should just provide the basic HTTP functionality, and leave the rest to a dub package that we move std.net.curl to.
Any chances that we can produce good crypto code over time? And verify it with experts, of course.
In addition, Phobos is not tied to curl's release cycle, and if curl gets a version bump on someone's system, and Phobos hasn't been updated to match, they're going to have a problem. And if we updated to match the version bump, and their distro hadn't, then we'd also have a problem.
Oh, that explains why I constantly ran into [this issue][0]. While it was fixed in curl itself.
[0]: https://github.com/curl/curl/issues/447
