Porters,
After a meeting around an actual physical table at the Perl Toolchain
Summit last week, the three of us were back to our regular video calls.
The call was longer than usual, as we delved into the code of CPAN.pm.
## Release blockers for 5.038
We looked at the tickets we tagged "Release Blocker" last week, and made
some decisions.
The following issues are NOT release blockers:
- Path-Class (https://github.com/Perl/perl5/issues/20039): it's been
broken for the past 2 stable releases
- App-ClusterSSH (https://github.com/Perl/perl5/issues/20376): already
failing in 5.036, added comments in the ticket
- XS-Parse-Keyword, Devel-Chitin, others
(https://github.com/Perl/perl5/issues/20384): we should add a note to
perldelta explaining the breaking change
- Number-Format (https://github.com/Perl/perl5/issues/20571): it should
be adopted to make a new release
- Text-MicroMason (https://github.com/Perl/perl5/issues/21037): the
tests depend on the exact error message (this is too fragile)
This last one is definitely a release blocker:
- XML-PathScript (https://github.com/Perl/perl5/issues/21044): Rik will
send an email to the list
## Installing modules securily with Perl default install
As much as we want HTTPS support in core, we can't have it for v5.38.
However, we want a newly installed Perl + CPAN.pm to be secure by
default. Currently this is not the case because `HTTP::Tiny` does not
use SSL normally, and even when installed it does not set
`verify_SSL` to true.
`HTTP::Tiny` should be secure by default (set `verify_SSL` to true,
complain if there are no root CAs available).
CPAN.pm is a far more complex question because its code is a deep twisty
maze of years of piled-up workarounds and legacy code (FTP by default?),
and the question of "what should this do?" is far less clear-cut. More
discussions will have to be had with more people who are deeper
involved, to work out what would be best.
We should do this **ASAP**, as it is a release blocker.
--
Philippe Bruhat (BooK)
Everyone's life seems easier from the outside.
(Moral from Groo The Wanderer #45 (Epic))
After a meeting around an actual physical table at the Perl Toolchain
Summit last week, the three of us were back to our regular video calls.
The call was longer than usual, as we delved into the code of CPAN.pm.
## Release blockers for 5.038
We looked at the tickets we tagged "Release Blocker" last week, and made
some decisions.
The following issues are NOT release blockers:
- Path-Class (https://github.com/Perl/perl5/issues/20039): it's been
broken for the past 2 stable releases
- App-ClusterSSH (https://github.com/Perl/perl5/issues/20376): already
failing in 5.036, added comments in the ticket
- XS-Parse-Keyword, Devel-Chitin, others
(https://github.com/Perl/perl5/issues/20384): we should add a note to
perldelta explaining the breaking change
- Number-Format (https://github.com/Perl/perl5/issues/20571): it should
be adopted to make a new release
- Text-MicroMason (https://github.com/Perl/perl5/issues/21037): the
tests depend on the exact error message (this is too fragile)
This last one is definitely a release blocker:
- XML-PathScript (https://github.com/Perl/perl5/issues/21044): Rik will
send an email to the list
## Installing modules securily with Perl default install
As much as we want HTTPS support in core, we can't have it for v5.38.
However, we want a newly installed Perl + CPAN.pm to be secure by
default. Currently this is not the case because `HTTP::Tiny` does not
use SSL normally, and even when installed it does not set
`verify_SSL` to true.
`HTTP::Tiny` should be secure by default (set `verify_SSL` to true,
complain if there are no root CAs available).
CPAN.pm is a far more complex question because its code is a deep twisty
maze of years of piled-up workarounds and legacy code (FTP by default?),
and the question of "what should this do?" is far less clear-cut. More
discussions will have to be had with more people who are deeper
involved, to work out what would be best.
We should do this **ASAP**, as it is a release blocker.
--
Philippe Bruhat (BooK)
Everyone's life seems easier from the outside.
(Moral from Groo The Wanderer #45 (Epic))