develooper Front page | perl.perl5.porters | Postings from June 2022

Re: Pre-RFC: support https out-of-the-box

Thread Previous | Thread Next
gregor herrmann
June 17, 2022 00:16
Re: Pre-RFC: support https out-of-the-box
Message ID:
On Wed, 15 Jun 2022 02:52:01 +0000, Oodler 577 via perl5-porters wrote:

> > options:
> >  1. bundle modules, look for openssl (and poss other libs)
> >  2. bundle an SSL lib and modules such as Mbed TLS, WolfSSL
> >  3. Go with Curl, as it can work with a range of SSL libraries
> >  4. work with various SSL programs (wget, curl, etc)
> >  5. anything else?
> As a user, concur that #1 seems to be the most reasonable, with the caveat
> that IO::Socket::SSL provided by MAJOR packages be factored in somehow. I suspect
> distros like Debian/Ubuntu would necessarily want to strip this out somehow
> given they strip out things like perldoc into separate packages. But, knowing
> that my opinion means nothing, I'd place much more emphasis on opinions pkg folks
> from Debian, OpenBSD, FreeBSD, and pkgsrc (NetBSD), etc

I can't speak for Niko and Dom, who are the maintainers of perl
itself in Debian (but they're subscribed here, so can add to my
comments), still some thought from a CPAN->Debian packager:

* Having TLS/https in perl sounds nice.
* We are not packaging Mozilla::CA, because we have the very same
  certs in the ca-certificates package (and duplication, skew,
  duplicate efforts, security updates, you name it).
  When a CPAN dist requires Mozilla::CA we patch it, and I'm pretty
  sure the same would happen if perl included Mozilla::CA
  So for us any solution which probes for CA certs or has a configure
  option or whatever would be nice.
* This whole discussion about HTTPS is completely in vain, as long as
  HTTP::Tiny doesn't verify the certificates.


 .''`. -- Debian Developer
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About