Re: Backporting ac3afc4b35 (regcomp.c: make \K+ and \K* illegal.)

From:
Curtis Jewell
Date:
February 7, 2020 22:29
Subject:
Re: Backporting ac3afc4b35 (regcomp.c: make \K+ and \K* illegal.)
Message ID:
d8cf5870-8e97-40c6-9ba2-9c5666ad9b8d@www.fastmail.com
(I don't speak up often, so forgive me.)

This feels like a letter vs. spirit of the law question, and the reason I say that is that the behavior being forbidden was already being warned about - we're upgrading a warning to an error in some cases of the warning. Said reworking would be to literally not do the cherry-pick, because of that - at least as I see it. But yes, that's impolite to us users without a good reason in a maint release - but not strongly so.

I would ask if this commit was attached to a CVE, or something else security related, which would be a good enough reason... and I could easily see the answer being yes, but let's document said yes answer, if that is the case. If not, I would not vote for it, due to the policy, if I was one of the people voting - but I'm not a committer, so call my vote a -0.

--Curtis Jewell

On Fri, Feb 7, 2020, at 11:08, Steve Hay via perl5-porters wrote:
> The following commit has been proposed for 5.30.2:
> 
> https://perl5.git.perl.org/perl5.git/commit/ac3afc4b35675aec55918770197358190f78
> regcomp.c: make \K+ and \K* illegal. 
> 
> However, it adds a new fatal error, which we undertake not to do in 
> maint releases (see perlpolicy.pod).
> 
> Unless there is some overriding (security-based) need to have it then I 
> think we should not, at least in its current form.
> 
> If it really is an essential fix to include then is there some way to 
> rework it that retains the fix itself but without introducing the new 
> error?

--
Curtis Jewell
csjewell@cpan.org           http://csjewell.dreamwidth.org/
perl@curtisjewell.name   http://www.curtisjewell.name/
"Your random numbers are not that random" -- perl-5.10.1.tar.gz/util.c
