cURL, the command line tool and library that counts at least 20 billion installs by way of the libcurl package, is taking the summer off.
On Monday, creator Daniel Stenberg announced the "cURL summer of bliss", during which the project will not accept any security reports.
Between July 1 and August 3, the project's HackerOne page will not accept submissions, and its security email address will "also be a dead end", Stenberg said in a blog post.
Pull requests will remain open, but the project "will not process or otherwise care about security or vulnerability reports sent to us" during that time, he said.
"Whatever issue you find that you feel a need to report to the curl project during this month has to wait."
Trouble? Tough
cURL is three decades old, and an April vulnerability scan by Mythos identified only one flaw. It has never suffered a serious security meltdown. Statistically, it seems unlikely that it will face an emergency during the summer break.
But if it does?
