Hi, My company (and apparently a number of people from the look of the bug queue) rely on this module (https://metacpan.org/pod/Crypt::OpenSSL::RSA) on the job. However there is a critical bug in it with an outstanding patch that the current maintainer doesn't seem interested in dealing with. Here's the testers reports:
https://www.cpantesters.org/distro/C/Crypt-OpenSSL-RSA.html?oncpan=1&distmat=1&version=0.28&grade=3 As you can see its failing to install quite consistently over the past year plus, which is due to critical security fixes in open-ssl becoming the commonly default install on most servers. This security fixed version of open-ssl does not compile with the currently released CPAN code. Here's the bug report / patch from last year: https://github.com/monken/Crypt-OpenSSL-RSA/pull/18 As you can see the patch is trivial. When I emailed the current maintainer, cpan ID 'PERLER' he at first seemed willing to do one more emergency release to get us past the current crisis. He did indeed merge the PR but has not released the code to CPAN. In the email exchange I had with him he seems to indicate that he doesn't do Perl a lot anymore and had forgotten how to upload and prep a module for CPAN. I gave him instructions via email on how to do that and offered to pair on it if he was stuck, but I never heard back (that was 2 weeks ago). Its starting to look like this is not something the current maintainer wants to deal with or has time for. Additionally its not a long term solution since he has only comaint rights and can't transfer ownership to a willing maintainer should issues arise in the future. I also emailed the current 'first-come' author 'IROBERTS' who has not responded to emails for more than 6 weeks and from reviewing the record does not seem to be active in Perl / CPAN anymore (no uploads to CPAN in more than 10 years from what I can see). This module is actually fairly important as a number of other modules related to cryptography use it. Given that I think it needs a maintainer willing to do the basics and also one that will turn it over to someone else should s/he decide to retire (someone with first-come that is willing to migrate that authority to someone else when the time comes). I'd be very willing to become first come on this and release an update since my company uses it. My CPAN id is JJNAPIORK and I've got a pretty decent track record on CPAN of doing trustworthy releases. My plan would be to release quickly a patched version of this, and also it looks like from the github pull request record that there's a number of outstanding patches that could be merged as well. Also I will contact some of the people that send patches to this code and find out if they want comaint that way there's no longer a single point of failure on this. So I'm requesting that I be granted first-come on this module. Please let me know what else I should do to make this possible. Regards, John Napiorkowski (JJNAPIORK)
