develooper Front page | perl.perl5.porters | Postings from December 2012

Re: cPanel version of "Storable 2.39_01" breaks backwardscompatibility

Thread Previous
Alex Vandiver
December 26, 2012 23:15
Re: cPanel version of "Storable 2.39_01" breaks backwardscompatibility
Message ID:
On Wed, 2012-12-26 at 15:45 -0600, Todd Rinaldo wrote:
> The upcoming release will include perl 5.14.3 provided as a set of RPMs
> installed to the prefix /usr/local/cpanel/3rdparty/perl/514. We are
> working to step away from messing with /usr/bin/perl since it breaks
> what CentOS can and can't install. 

To make sure I understand you correctly -- you mean the upcoming January
release will ship with a stock /usr/bin/perl, and cPanel will run out of
its own perl installed into /usr/local/cpanel/3rdparty/perl/514 ?

> We will ship a patched version of Storable based on 2.39 (2.40 is just
> a doc release, right?).

2.40 is a doc release, yes.  However, it documents the vulnerability in
question, so I find it surprising that you would not build upon that.
Implicit in this statement of shipping a patched version of Storable is
that you intend to privately fork Storable again, merely starting from
2.39 this time.  Can you explain the rationale behind not submitting
those patches to the core Storable, so that you can ship an official

We will likely be suggesting that cPanel customers install a separate
perl for RT; of course, due to other vendor problems (Scalar::Util
shipped without weaken, Sys::Syslog or File::Temp being forcibly
downgraded by yum, etc), we oft-times already suggest that.
 - Alex

Thread Previous Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About