Date: 2023-10

With unexpected revelations (no) and conclusions (yes).

For example, on the "thousands of eyes":

Reading the code now it is impossible not to see the bug. Yes, it truly aches having to accept the fact that I did this mistake without noticing and that the flaw then remained undiscovered in code for 1315 days.

It could have been detected with a better set of tests.

Who is to blame:

Yes, this family of flaws would have been impossible if curl had been written in a memory-safe language instead of C, but porting curl to another language is not on the agenda.

And on "what is to be done":

The only approach in that direction I consider viable and sensible is to:

- allow, use and support more dependencies written in memory-safe languages and

- potentially and gradually replace parts of curl piecemeal, like with the introduction of hyper.

(hyper is written in Rust)