develooper Front page | perl.modules | Postings from April 2018

Fwd: Wishing to adopt https://metacpan.org/pod/Crypt::OpenSSL::RSA

Thread Next
From:
Neil Bowers
Date:
April 11, 2018 08:29
Subject:
Fwd: Wishing to adopt https://metacpan.org/pod/Crypt::OpenSSL::RSA
Message ID:
80F55233-EC6A-4E37-AB73-0B82AC21CD1A@cogendo.com
Hi Moritz,

I’m emailing you wearing my PAUSE admins hat.

John Napiorkowski would like to get co-maint on Crypt::OpenSSL::RSA, so he can do a bug fix release (see below).

If you’re happy for him to have co-maint, I can give it to him on your behalf. Is that ok?

Cheers,
Neil


> Begin forwarded message:
> 
> From: john napiorkowski <jjn1056@gmail.com>
> Subject: Wishing to adopt https://metacpan.org/pod/Crypt::OpenSSL::RSA
> Date: 10 April 2018 at 15:17:34 BST
> To: modules@perl.org
> 
> Hi,
> 
> My company (and apparently a number of people from the look of the bug queue) rely on this module (https://metacpan.org/pod/Crypt::OpenSSL::RSA <https://metacpan.org/pod/Crypt::OpenSSL::RSA>) on the job.  However there is a critical bug in it with an outstanding patch that the current maintainer doesn't seem interested in dealing with.  Here's the testers reports:
> 
> https://www.cpantesters.org/distro/C/Crypt-OpenSSL-RSA.html?oncpan=1&distmat=1&version=0.28&grade=3 <https://www.cpantesters.org/distro/C/Crypt-OpenSSL-RSA.html?oncpan=1&distmat=1&version=0.28&grade=3>
> 
> As you can see its failing to install quite consistently over the past year plus, which is due to critical security fixes in open-ssl becoming the commonly default install on most servers.  This security fixed version of open-ssl does not compile with the currently released CPAN code.
> 
> Here's the bug report / patch from last year:
> 
> https://github.com/monken/Crypt-OpenSSL-RSA/pull/18 <https://github.com/monken/Crypt-OpenSSL-RSA/pull/18>
> 
> As you can see the patch is trivial.
> 
> When I emailed the current maintainer, cpan ID 'PERLER' he at first seemed willing to do one more emergency release to get us past the current crisis.  He did indeed merge the PR but has not released the code to CPAN.  In the email exchange I had with him he seems to indicate that he doesn't do Perl a lot anymore and had forgotten how to upload and prep a module for CPAN.  I gave him instructions via email on how to do that and offered to pair on it if he was stuck, but I never heard back (that was 2 weeks ago).  Its starting to look like this is not something the current maintainer wants to deal with or has time for.  Additionally its not a long term solution since he has only comaint rights and can't transfer ownership to a willing maintainer should issues arise in the future.
> 
> I also emailed the current 'first-come' author 'IROBERTS' who has not  responded to emails for more than 6 weeks and from reviewing the record does not seem to be active in Perl / CPAN anymore (no uploads to CPAN in more than 10 years from what I can see).
> 
> This module is actually fairly important as a number of other modules related to cryptography use it.  Given that I think it needs a maintainer willing to do the basics and also one that will turn it over to someone else should s/he decide to retire (someone with first-come that is willing to migrate that authority to someone else when the time comes).  I'd be very willing to become first come on this and release an update since my company uses it. My CPAN id is JJNAPIORK and I've got a pretty decent track record on CPAN of doing trustworthy releases.  My plan would be to release quickly a patched version of this, and also it looks like from the github pull request record that there's a number of outstanding patches that could be merged as well.  Also I will contact some of the people that send patches to this code and find out if they want comaint that way there's no longer a single point of failure on this.  So I'm requesting that I be granted first-come on this module.
> 
> Please let me know what else I should do to make this possible.
> 
> Regards,
> 
> John Napiorkowski (JJNAPIORK)

Cogendo

T: +44 7880 741899
W: www.cogendo.com
M: neil.bowers@cogendo.com <mailto:neil.bowers@cogendo.com>

Cogendo is the trading name of Cogendo Limited, Registered in England & Wales, company no. 8944534. 
Registered office: 51 West Street, Marlow, Buckinghamshire. SL7 2LS.


Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About