develooper Front page | perl.qa | Postings from February 2015

Re: HTTPS, CPAN, and dist integrity

Thread Previous | Thread Next
From:
Michiel Beijen
Date:
February 4, 2015 12:41
Subject:
Re: HTTPS, CPAN, and dist integrity
Message ID:
CABD0r13zJiN6oeOk1wZo+Hxv6fhbvhseAWgRgoJXgknqg+XGDA@mail.gmail.com
Hi David,

On Wed, Feb 4, 2015 at 12:46 PM, David Cantrell <david@cantrell.org.uk> wrote:

> Having a zillion mirrors is no longer a killer feature - the net is now
> much better connected, bandwidth is cheap, and site reliability is much
> higher than it used to be. However, the ability to easily create a
> mirror is still a nifty feature. It makes it dead easy to:
>
> * have a mirror on my laptop for hacking on the move;
> * have a customised module repository where all the normal tools "just
>   work"
>
> The latter is really important. It lets companies add their non-public
> code to a CPAN mirror-a-like. It lets you "pin" some of your
> dependencies to particular versions. It lets you do things like the
> cpXXXan.

I'm not saying that all mirrors should go, and I'm not saying that you
should not be able to insert your own servers (or file locations) in
your urllist! That's a useful feature and should absolutely stay.

What I'm saying is that I think the *default* out-of-box setup should
go use some central SSL-enabled website - which now, on latest CPAN,
uses http://www.cpan.org by default.
--
Michiel

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About