On Wed, 9 Dec 2020 21:58:34 +0000, Frank Swarbrick wrote:
>I have downloaded and installed in my personal z/OS Unix directory curl and a
>few other z/OpenSource tools from Rocket Software. I have asked my z/OS
>security guy if we can go ahead and have our systems group (outsourced to IBM
>zCloud) "officially" install them. He came back with the following: "My
>question is how do we approve, track and secure the open source code we are
>putting on z/OS?"
>
Note that curl issued multiple security advisories today, including:
https://curl.se/mail/archive-2020-12/0007.html
How long does it take Rocket to catch up?
Have Rocket's patches been merged into the curl base on github?
>Does anyone have suggestions on answering this concern?
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
