We call it Rock-solid curl instead of LTS or Long-Term Support because we think it sounds cooler. But in reality that's what this is.
We create a new Rock-solid curl release branch off from upstream curl roughly every 18 months.
We only merge security fixes and backport important bugfixes into all still living Rock-solid curl branches and guarantee each a five year life-time (from the day of the first release of said Rock-solid curl branch).
 | Using Rock-solid curl reduces the risk for regressions dramatically |
| Rock-solid curl downloads are only provided to current customers with existing support contracts |
| Rock-solid curl releases are the same style source code tarballs using the same layout as normal releases. Using the same license. |
| Rock-solid curl releases can be provided using a commercial license on request. |
| Rock-solid curl support and issues are managed separately from open source curl if the problems are unique to Rock-solid curl |
| Rock-solid curl support is private and confidential. Your secrets are safe. |
| Rock-solid curl versions are easily and quickly identifiable as Rock-solid curl releases compared to “normal” curl releases |
| Rock-solid curl customers can nominate bugfixes to backport from upstream curl |
| We offer extended Rock-solid curl support beyond the initial five years on a case by case basis |
| Access to the Rock-solid curl git repository is not provided unless specially requested. The Rock-solid curl improvements will not be merged into or be present in the upstream curl git repository. |
| Rock-solid curl has its own version numbers, which may coincide with the real curl versions but we should try not to - to reduce confusion and mixups |
| Rock-solid curl versions are guaranteed to be security-patched and have updated releases available for download in sync with announced future curl security vulnerabilities. |
| Rock-solid curl customers get notified about such security updates of Rock-solid curl versions |
| Rock-Solid curl maintains branches separated from the upstream curl project and as such it does not taint nor directly affect the original curl offer |
When 18-24 months have passed since the previous Rock-solid curl branch started, we pick the second or third to last, or so, upstream curl release to become the new Rock-solid curl release branch. To allow it to have matured a somewhat.
We then backport security patches and the important stability fixes done since that release.
This makes us able to offer about three living Rock-solid curl branches at any given time. Each with its own end-of-support date.
Ideally, when we create a Rock-solid curl based on curl version 8.X.1, we make 8.X.2 the first Rock-solid curl version in that branch.
Existing customers may nominate new version candidates for the next Rock-solid curl branch.
See the support page.