Bug#954089: libplack-perl: Please verify server identity via SSL

gregor herrmann gregoa at debian.org
Fri May 15 20:14:35 BST 2020


On Thu, 19 Mar 2020 14:39:13 +0200, Damyan Ivanov wrote:

> > > But to fully measure the impact, it would be nice to have the number 
> > > of failing packages built with a patched HTTP::Tiny.
> > I have one small concern: As the change is about checking remote SSL
> > certs, and tests don't/can't/must not call out to the internet, is it
> > possible that we won't really catch all potential issues?
> Noted. The test rebuilds should be done without the usual isolation 
> from the Internet.
> I guess a closer inspection of the affected packages is needed.

Hi Dam and all,

Did you or anyone else get to look into this rebuild effort?

If not, Dom said that he could also try the rebuilds on
perl.debian.net.

Notes:
- HTTP::Tiny is in perl core and in libhttp-tiny-perl;
- The required change looks like a one-character patch:
  lib/HTTP/Tiny.pm:        verify_SSL   => $args{verify_SSL} || $args{verify_ssl} || 0, # no verification by default
- The tests should be run with internet enabled as much as possible.


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   NP: Simon & Garfunkel: Blessed
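
For the closer inspection of affected packages that the thread asks for, a coarse triage of `HTTP::Tiny->new` call sites by how they set `verify_SSL` can narrow the list. This is an added example, not part of the original message or of any Debian tooling; the `classify` function, its status labels and the sample Perl are constructed for illustration, and it assumes call arguments nest parentheses at most one level deep.

```python
import re

# Constructor call with an optional argument list (one level of nested parens).
CTOR = re.compile(r"HTTP::Tiny\s*->\s*new\b\s*(?:\(((?:[^()]|\([^()]*\))*)\))?")
# The constructor line quoted in the message reads both spellings of the key.
VERIFY = re.compile(r"\bverify_(?:SSL|ssl)\b['\"]?\s*(?:=>|,)\s*([^,)\s]+)")

def classify(perl_source):
    """Return (line_number, status) for every HTTP::Tiny->new call found."""
    results = []
    for m in CTOR.finditer(perl_source):
        line = perl_source.count("\n", 0, m.start()) + 1
        args = m.group(1) or ""          # "->new" without parentheses
        v = VERIFY.search(args)
        if v is None:
            status = "default"           # depends on the library default
        else:
            value = v.group(1).strip("'\"")
            if value in ("0", "", "undef"):
                status = "explicit-off"  # caller asked for no verification
            elif value.isdigit():
                status = "explicit-on"   # literal true value
            else:
                status = "dynamic"       # expression: needs manual review
        results.append((line, status))
    return results

# Constructed sample input, not taken from any real package.
SAMPLE = '''\
my $a = HTTP::Tiny->new;
my $b = HTTP::Tiny->new( timeout => 10 );
my $c = HTTP::Tiny->new( verify_SSL => 1, agent => "x/1" );
my $d = HTTP::Tiny->new(verify_ssl => 0);
my $e = HTTP::Tiny->new(
    agent      => ua_string(),
    verify_SSL => $opt{verify},
);
'''

if __name__ == "__main__":
    for line, status in classify(SAMPLE):
        print(f"line {line}: {status}")
```

Call sites reported as `default` are the ones whose behaviour depends on the library default and are the candidates for rebuild testing with network access; commented-out calls are also reported, so the output is a starting list rather than a verdict.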