develooper Front page | | Postings from February 2015

Re: HTTPS, CPAN, and dist integrity

Thread Previous | Thread Next
Michiel Beijen
February 4, 2015 12:41
Re: HTTPS, CPAN, and dist integrity
Message ID:
Hi David,

On Wed, Feb 4, 2015 at 12:46 PM, David Cantrell <> wrote:

> Having a zillion mirrors is no longer a killer feature - the net is now
> much better connected, bandwidth is cheap, and site reliability is much
> higher than it used to be. However, the ability to easily create a
> mirror is still a nifty feature. It makes it dead easy to:
> * have a mirror on my laptop for hacking on the move;
> * have a customised module repository where all the normal tools "just
>   work"
> The latter is really important. It lets companies add their non-public
> code to a CPAN mirror-a-like. It lets you "pin" some of your
> dependencies to particular versions. It lets you do things like the
> cpXXXan.

I'm not saying that all mirrors should go, and I'm not saying that you
should not be able to insert your own servers (or file locations) in
your urllist! That's a useful feature and should absolutely stay.

What I'm saying is that I think the *default* out-of-box setup should
go use some central SSL-enabled website - which now, on latest CPAN,
uses by default.

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About