On 12 February 2017 at 15:08, Sawyer X <xsawyerx@gmail.com> wrote: > Hi everyone, > > As we are approaching our latest stable stable release updates (5.24.2 > and 5.22.4), we intended to resolve base.pm. Here is our update on this. > > > We originally had a more aggressive patch to base.pm, but with the > suggestion of Michael Schroeder, Aristotle had started work on an > alternative, more accurate patch. This work is available in the > following branch: > > ap/baseincguard > > > (Aristotle has hit a snag in an edge case he could explain better than > I, and is happy to receive any assistance on resolving it.) > > As this patch is still superior to our more canvas approach originally > intended, we will be merging it instead. If anyone has any suggestions > or comments, this is a good time. > > I must, however, assure you that "Not patching at all" will not be > regarded as a possible action-plan, no matter how long and exhausting > the email content might be, as security is taking precedence here, and > this has been clarified several times before. :) > > Unless any comments, patches or suggestions appear then I'm planning on making RC1 releases this weekend (containing the work in ap/baseincguard, plus a couple of other security fixes already merged into the maint branches), with final releases a fortnight later if no problems requiring an RC2 come to light. (The long-awaited 5.24.3, containing the usual round-up of patches from blead that are suitable for backporting to a maint release will then follow soonish after that, although there is unfortunately quite a backlog of backporting to get through now due to the delays in resolving the @INC issues.)Thread Previous | Thread Next