On Tue, Jul 24, 2012 at 03:49:25PM +0100, Nicholas Clark wrote:
> On Tue, Jul 24, 2012 at 10:32:32AM -0400, Ricardo Signes wrote:
> >
> > Finally, 5.16.1 is unblocked. I can't tell you how relieved I am.
> >
> > In the course of investigating some unrelated and spurious reports, we
> > discovered a surprising little bug. In short, C< require ::foo > acted like C<
> > require "/foo.pm" > instead of searching only in @INC.
>
> And has done this all the way back to perl 5.000
> 4.036 is not affected.
>
> > done, I hope to spend a little time lying atop a warm rock.
>
> Plenty of warm rocks in the UK right now, *finally*. Given that the previous
> 3 months of rain here was caused by a wedged jetstream, does this mean that
> the US heatwave is now also over?
>
> > Thanks for your patience during this unexpected and unexplained delay of
> > maint-5.16. I think no one is more pleased than I to have things moving once
> > again.
>
> It also makes me wonder going forward what the best way for me to account for
> this on weekly reports is, given that the whole thing (a) can and does take
> longer than a week (or even a month) and (b) often has sufficient hours that
> it's very obvious if it shows up on a report but isn't discussed.*
>
> (This one emerged a month ago yesterday, and has taken quite a bit of time
> to investigate.)
>
> It's potentially going to cause alarm if the report says "security report",
> because it could be anything from "no, it's not" to "OMG, pwnies", and some
> people will (understandably) suspect the worst. Whereas my impression is that
> what is needed for dealing successfully with a messy issue is no publicity,
> until the co-ordinated response is ready to roll.

Can't you just say something like "Dealing with 'require ::foo'" (or whatever
it will be the next time you're dealing with a potential security issue)?

That isn't hiding or bending any truth, nor should it cause any unjust
alarms.

Regards,

Abigail