develooper Front page | perl.perl5.porters | Postings from May 2023

PSC #106 2023-05-05

Thread Next
From:
book
Date:
May 6, 2023 06:33
Subject:
PSC #106 2023-05-05
Message ID:
ZFX0wjX5pah6v0d8@kapow.home
Porters,

After a meeting around an actual physical table at the Perl Toolchain
Summit last week, the three of us were back to our regular video calls.
The call was longer than usual, as we delved into the code of CPAN.pm.

## Release blockers for 5.038

We looked at the tickets we tagged "Release Blocker" last week, and made
some decisions.

The following issues are NOT release blockers:
- Path-Class (https://github.com/Perl/perl5/issues/20039): it's been
  broken for the past 2 stable releases
- App-ClusterSSH (https://github.com/Perl/perl5/issues/20376): already
  failing in 5.036, added comments in the ticket
- XS-Parse-Keyword, Devel-Chitin, others
  (https://github.com/Perl/perl5/issues/20384): we should add a note to
  perldelta explaining the breaking change
- Number-Format (https://github.com/Perl/perl5/issues/20571): it should
  be adopted to make a new release
- Text-MicroMason (https://github.com/Perl/perl5/issues/21037): the
  tests depend on the exact error message (this is too fragile)

This last one is definitely a release blocker:
- XML-PathScript (https://github.com/Perl/perl5/issues/21044): Rik will
  send an email to the list

## Installing modules securily with Perl default install

As much as we want HTTPS support in core, we can't have it for v5.38.
However, we want a newly installed Perl + CPAN.pm to be secure by
default. Currently this is not the case because `HTTP::Tiny` does not
use SSL normally, and even when installed it does not set
`verify_SSL` to true.

`HTTP::Tiny` should be secure by default (set `verify_SSL` to true,
complain if there are no root CAs available).

CPAN.pm is a far more complex question because its code is a deep twisty
maze of years of piled-up workarounds and legacy code (FTP by default?),
and the question of "what should this do?" is far less clear-cut. More
discussions will have to be had with more people who are deeper
involved, to work out what would be best.

We should do this **ASAP**, as it is a release blocker.

-- 
 Philippe Bruhat (BooK)

 Everyone's life seems easier from the outside.
                                    (Moral from Groo The Wanderer #45 (Epic))
Thread Next

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About