Bug#954089: libplack-perl: Please verify server identity via SSL
Damyan Ivanov
dmn at debian.org
Mon Mar 16 17:29:37 GMT 2020
-=| Felix Lechner, 16.03.2020 09:56:36 -0700 |=-
> > - Is is realistic to patch dozens of upstream files?
> > - Should the default be changed in HTTP::Tiny? (In src:perl and in
> > libhttp-tiny-perl) In Debian (or better upstream though the latter
> > might be difficult given the texts you quote.)
>
> I pursued that route originally (although not exhaustively).
That was my first thought too.
> HTTP::Tiny is apparently used in a lot of tests, which would have to
> be modified. Also, the module ships as part of Perl core.
Failing tests are bad, meaning they need (trivial) work to be fixed.
Not being secure by default is worse, IMO.
I guess it finally depends on the amount of patching needed. Any idea
how many packages are we talking about? Any takers for an archive
rebuild with patched perl/libhttp-tiny-perl?
-- dam
More information about the pkg-perl-maintainers
mailing list