Bug#954089: libplack-perl: Please verify server identity via SSL
gregor herrmann
gregoa at debian.org
Mon Mar 16 16:35:16 GMT 2020
On Mon, 16 Mar 2020 08:28:07 -0700, Felix Lechner wrote:
> Package: libplack-perl
> Severity: important
(Taking a random instance of the identical mass bug filing.)
> Your package uses the Perl module HTTP::Tiny, but it does not force
> the verify_SSL attribute to a true value.
Thanks for raising this issue.
I'm wondering about 2 questions:
- Is it realistic to patch dozens of upstream files?
- Should the default be changed in HTTP::Tiny? (In src:perl and in
libhttp-tiny-perl) In Debian (or better upstream though the latter
might be difficult given the texts you quote.)
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`- NP: Bettina Wegner: Waffenlos
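
One way to size the first question above (how many call sites would need patching), as an added example that is not part of the original message or of any Debian tooling: a Perl script that flags `HTTP::Tiny->new` calls which do not set `verify_SSL` to a true literal. The regex-based scan, the verdict names and the sample input are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: heuristic text scan, not a Perl parser.
use strict;
use warnings;

# Constructed sample input, not taken from any real package.
my $sample = <<'EOS';
my $ua1 = HTTP::Tiny->new;
my $ua2 = HTTP::Tiny->new(timeout => 10, agent => "demo/1.0");
my $ua3 = HTTP::Tiny->new(verify_SSL => 0);
my $ua4 = HTTP::Tiny->new(
    timeout    => 10,
    verify_SSL => 1,
);
my $ua5 = HTTP::Tiny->new(verify_SSL => $ENV{DEMO_VERIFY});
EOS

# Return [line, verdict] pairs, one per HTTP::Tiny->new call found in $src.
sub audit_source {
    my ($src) = @_;
    my @findings;
    # Group 1 is the balanced argument list, if the call has one.
    while ($src =~ /HTTP::Tiny\s*->\s*new\b\s*(\((?:[^()]++|(?1))*\))?/g) {
        my $args   = defined $1 ? $1 : '';
        my $before = substr($src, 0, $-[0]);      # text preceding the call
        my $line   = 1 + ($before =~ tr/\n//);    # count newlines before it
        my $verdict = 'MISSING';
        if ($args =~ /\bverify_SSL['"]?\s*=>\s*([^\s,)]+)/) {
            my $val = $1;
            $verdict = $val =~ /^(?:0|undef|''|"")$/ ? 'DISABLED'
                     : $val =~ /^[1-9]\d*$/          ? 'ok'
                     :                                 'REVIEW (not a literal)';
        }
        push @findings, [ $line, $verdict ];
    }
    return @findings;
}

# Scan the files named on the command line, or the sample if none are given.
for my $name (@ARGV ? @ARGV : ('<sample>')) {
    my $src = $sample;
    if ($name ne '<sample>') {
        open my $fh, '<', $name or do { warn "$name: $!\n"; next };
        local $/;    # slurp the whole file
        $src = <$fh>;
    }
    printf "%s:%d: verify_SSL %s\n", $name, @$_ for audit_source($src);
}
```

MISSING and REVIEW hits still need a human look: options passed through a hash variable or a subclass constructor are outside what this scan can judge.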