Overview of infrastructure we maintain, host and run in the project for the project.
Since 2010, the main curl git repository has been hosted by GitHub, available at https://github.com/curl/curl.
We also use the issue tracker, pull requests and discussions on GitHub.
curl has an "enterprise account" on GitHub and is an "organization" on the site.
We accept sponsorship via GitHub Sponsors.
For every pull request and git push to the master repository, a number of build and testing jobs are run on a set of different CI services. The exact services vary over time. GitHub Actions and AppVeyor are the primary ones these days.
A Test Clutch instance generates regular reports on curl CI test results at https://testclutch.curl.se/ as well as writing comments on curl pull requests whose tests have failed. The jobs are hosted on a Virtuozzo Application Platform PaaS instance and is managed by Dan Fandrich. The configuration code is is available and managed at https://github.com/dfandrich/testclutch-curl-web
The curl autobuild system is a set of scripts that build and test curl and send all output logs back to the autobuild server. The results are continuously collected and visualized on the curl website at https://curl.se/dev/builds.html.
The autobuild system and server is maintained by Daniel Stenberg.
Google runs the OSS-Fuzz project which also runs fuzzing on curl code, non-stop, in their infrastructure and they send us emails in the rare instances they actually find something.
OSS-Fuzz notifies those that are members in the "curl team". Any curl maintainer who wants to is welcome to participate. It requires a Google account.
We regularly run our code through the Coverity static code analyzer thanks to them offering this service to us for free.
CodeSonar analyzes the curl source code daily and emails Daniel Stenberg whenever it finds suspected problems in the source code. I hope and expect that we can invite other maintainers to access these reports soon.
The project runs services and website using a few different curl related
domain names, including curl.se and curl.dev. Daniel Stenberg owns these
domain names.
Until a few years ago, the curl website was present at curl.haxx.se. The
haxx.se domain is owned by Haxx AB, administrated by Daniel Stenberg. The
curl.haxx.se name is meant to keep working and be redirecting to curl.se for
the foreseeable future.
The main curl website at curl.se is maintained by curl maintainers and the
content is available and managed at https://github.com/curl/curl-www. The site
updates from git and runs make every 20 minutes. Any change pushed to git can
thus take up to 20 minutes until it takes effect on the origin server.
The content on curl.dev is available and managed at
https://github.com/curl/curl.dev/
The content on everything-curl.dev is available and managed at
https://github.com/curl/everything-curl/
The machine hosting the website contents for these three sites is owned by Haxx AB and is primarily managed by Daniel Stenberg (co-owner of the Haxx company). The machine is physically located in Sweden.
curl release tarballs are hosted on https://curl.se/download.html. They are uploaded there at release-time by the release manager.
curl-for-win downloads are hosted on https://curl.se/windows and are uploaded to the server by Viktor Szakats.
curl-for-QNX downloads are hosted on https://curl.se/qnx and are uploaded to the server by Daniel Stenberg.
Daily release tarball-like snapshots are generated automatically and are provided for download at https://curl.se/snapshots/.
CA certificate bundles are extracted from the Firefox source code, hosted by Mozilla and converted to PEM file format and is offered for download. The conversion checks for updates daily. The bundle is provided for download at https://curl.se/docs/caextract.html.
There is an automated "download check bot" that runs twice daily to scan for available curl downloads to populate the curl download page appropriately with the correct updated information. The bot uses URLs and patterns for all download packages and is maintained in a database, maintained by Daniel Stenberg and Dan Fandrich.
The TLS certificate for the origin curl web server is automatically updated from Let's Encrypt.
Fastly runs the Content Delivery Network (CDN) that fronts all the curl websites. The CDN caches content that it gets from the origin server. Recently, roughly 99.99% of web requests are satisfied by the CDN without having to reach the origin.
The CDN caches different content at different lengths depending on the content-type. The caching thus adds to the time for a change to have an effect on the site from the moment it gets pushed to the git repository.
Using this setup, we provide four IPv4 addresses and eight IPv6 addresses for anycast access to the site. Should be snappy from virtually everywhere across the globe.
The CDN servers support HTTP/1, HTTP/2 and HTTP/3. They set HSTS for a year.
The HTTP:// version of the site redirects to HTTPS://.
Fastly manages the TLS certificates from Let's Encrypt for the servers they run on the behalf of curl.
The curl project offer container builds of curl. The source repository for them is located at https://github.com/curl/curl-container.
Container images are hosted at https://quay.io/repository/curl/curl and https://hub.docker.com/r/curlimages/curl
The primary domain name, curl.se is managed by Kirei and is offered over
fault-tolerant anycast servers. High availability and fast access for
everyone.
The actual physical DNS files and origin bind instance is managed by Daniel Stenberg.
The curl related mailing lists are hosted by Haxx AB on lists.haxx.se and
are maintained by Daniel Stenberg. This includes the mailman2 and Postfix
instances used for this.
We use a few rare additional curl related email aliases in the curl domains.
They go through the mail server mail.haxx.se maintained by Daniel Stenberg
We run a bug-bounty on HackerOne. The setup runs entirely at https://hackerone.com/curl.
The money part for the bug bounty is sponsored by the Internet Bug Bounty.
We use Open Collective as our "fiscal host". All money sent to and received by the curl project is managed by Open Collective.
We have stickers, coffee mugs and coasters. They are managed by Daniel who sits on the inventory. The best way to get your hands on curl merchandise is to attend events where Daniel is physically.