{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihlsexm6raacrumxglvji2qcuvddfqhvez5gka52wdtuy4ocwy5gy",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mogiawbn2262"
  },
  "path": "/t/curl-summer-of-bliss-curl-will-not-process-security-vulnerabilities-in-july/38553#post_9",
  "publishedAt": "2026-06-16T18:26:29.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "Encounter5729:\n\n> As I said, there are probably multiple maintainers so they can just put one of them in standby\n>  […]\n>  reason you create a project with an institution\n\nAs you said, nobody is working for curl. This isn’t a product by a company. The best you can say is “if it so happens that someone isn’t taking a vacation in July, they might see if they have energy to fix it”. But it’s the developers’ business when they take vacation, and if it happens that it’s all during July, then it’s fair they let people know about it beforehand.\n\n> even if you were to do such a thing, don’t announce it in advance…\n\nThat’s security through obscurity. Exploits are being looked for anyway, eight days a week. The reason you let people know about the downtime, is those who rely on it for security can abstain from using it. They absolutely don’t want to learn about the downtime and why they were pwned in posterior if it could’ve been avoided.\n\nBut, unless you’re stepping up to help them start a sustainable non-profit around the project that can offer continuous vulnerability patching, this critique unfortunately falls into the `choosing beggars` category.",
  "title": "Curl summer of bliss (curl will not process security vulnerabilities in July)"
}