-=| Felix Lechner, 16.03.2020 09:56:36 -0700 |=- > > - Is is realistic to patch dozens of upstream files? > > - Should the default be changed in HTTP::Tiny? (In src:perl and in > > libhttp-tiny-perl) In Debian (or better upstream though the latter > > might be difficult given the texts you quote.) > > I pursued that route originally (although not exhaustively).
That was my first thought too. > HTTP::Tiny is apparently used in a lot of tests, which would have to > be modified. Also, the module ships as part of Perl core. Failing tests are bad, meaning they need (trivial) work to be fixed. Not being secure by default is worse, IMO. I guess it finally depends on the amount of patching needed. Any idea how many packages are we talking about? Any takers for an archive rebuild with patched perl/libhttp-tiny-perl? -- dam
