-=| gregor herrmann, 25.05.2022 22:24:09 +0200 |=-
> On Sun, 07 Jun 2020 17:45:41 +0100, Dominic Hargreaves wrote:
>
> > Correction, given the amount of time that's passed and that I'm not
> > even sure if the person who responded negatively on the previous
> > issue speaks for the current maintai
On Sun, 07 Jun 2020 17:45:41 +0100, Dominic Hargreaves wrote:
> Correction, given the amount of time that's passed and that I'm not
> even sure if the person who responded negatively on the previous
> issue speaks for the current maintainers, I have opened a new issue:
>
> https://github.com/chan
On Sunday, 24 May 2020 20:00:28 CEST gregor herrmann wrote:
> > So, what are people's thoughts? Do we want to take this position
> > and change the default in Debian? Extending distribution to debian-perl
> > for wider visibility.
>
> A tentative "yes" from me :)
A more firm "yes" from me ;-)
>
Control: forwarded 954089 https://github.com/chansen/p5-http-tiny/issues/134
Control: forwarded 962407 https://github.com/chansen/p5-http-tiny/issues/134
On Sun, Jun 07, 2020 at 05:22:21PM +0100, Dominic Hargreaves wrote:
> Control: reassign -1 src:perl
> Control: retitle -1 perl: Default HTTP::Ti
Control: reassign -1 src:perl
Control: retitle -1 perl: Default HTTP::Tiny to verifying SSL certificates
On Sun, May 24, 2020 at 08:00:28PM +0200, gregor herrmann wrote:
> On Sun, 24 May 2020 17:38:54 +0100, Dominic Hargreaves wrote:
>
> > I rebuilt perl with the patch at [1] and rebuild perl dep
On Sun, 24 May 2020 17:38:54 +0100, Dominic Hargreaves wrote:
> I rebuilt perl with the patch at [1] and rebuild perl dependencies
> against it, and did not see any related failures [2].
Thanks alot!
> So, what are people's thoughts? Do we want to take this position
> and change the default in
On Wed, May 20, 2020 at 11:02:20PM +0100, Dominic Hargreaves wrote:
> Hello everyone, I just caught up with this. (Side note - please don't
> assume I will see a message sent to a random pkg-perl bug report[1].)
>
> On Sun, May 17, 2020 at 06:39:34PM +0300, Damyan Ivanov wrote:
> > -=| gregor herr
Hello everyone, I just caught up with this. (Side note - please don't
assume I will see a message sent to a random pkg-perl bug report[1].)
On Sun, May 17, 2020 at 06:39:34PM +0300, Damyan Ivanov wrote:
> -=| gregor herrmann, 15.05.2020 21:14:35 +0200 |=-
> > On Thu, 19 Mar 2020 14:39:13 +0200, Da
-=| gregor herrmann, 15.05.2020 21:14:35 +0200 |=-
> On Thu, 19 Mar 2020 14:39:13 +0200, Damyan Ivanov wrote:
>
> > > > But to fully measure the impact, it would be nice to have the number
> > > > of failing packages built with a patched HTTP::Tiny.
> > > I have one small concern: As the change i
On Thu, 19 Mar 2020 14:39:13 +0200, Damyan Ivanov wrote:
> > > But to fully measure the impact, it would be nice to have the number
> > > of failing packages built with a patched HTTP::Tiny.
> > I have one small concern: As the change is about checking remote SSL
> > certs, and tests don't/can't/
-=| Felix Lechner, 18.03.2020 04:05:22 -0700 |=-
> Hi,
>
> On Wed, Mar 18, 2020 at 3:18 AM Damyan Ivanov wrote:
> >
> > Fixing the root of the problem seems better for me for two reasons:
>
> I wish I had checked with the Debian Perl team before filing the bugs.
That would have been nice, but t
On Wed, 18 Mar 2020 12:18:34 +0200, Damyan Ivanov wrote:
> Fixing the root of the problem seems better for me for two reasons:
>
> 1) fix what is broken instead of working around it in numerous places
> 2) consumers outside of Debian would benefit too
I agree, also with the rest of your mail.
Hi,
On Wed, Mar 18, 2020 at 3:18 AM Damyan Ivanov wrote:
>
> Fixing the root of the problem seems better for me for two reasons:
I wish I had checked with the Debian Perl team before filing the bugs.
> we may have a chance convincing
> HTTP::Tiny's author to flip the default
Please note the mo
-=| Felix Lechner, 16.03.2020 11:34:51 -0700 |=-
> On Mon, Mar 16, 2020 at 10:29 AM Damyan Ivanov
> wrote:
> >
> > Any idea how many packages are we talking about?
>
> Below is my working list for filing bugs. It is based on a full text
> search from codesearch.d.n.
> …
I count 30 packages that
Hi Damyan,
On Mon, Mar 16, 2020 at 10:29 AM Damyan Ivanov wrote:
>
> Any idea how many packages are we talking about?
Below is my working list for filing bugs. It is based on a full text
search from codesearch.d.n.
My designations may not be entirely consistent, but in general 'good'
means that
-=| Felix Lechner, 16.03.2020 09:56:36 -0700 |=-
> > - Is is realistic to patch dozens of upstream files?
> > - Should the default be changed in HTTP::Tiny? (In src:perl and in
> > libhttp-tiny-perl) In Debian (or better upstream though the latter
> > might be difficult given the texts you quot
Hi Gregor,
On Mon, Mar 16, 2020 at 9:35 AM gregor herrmann wrote:
>
> (Taking a random instance of the identical mass bug filing.)
Many are very similar, but not all are identical.
> - Is is realistic to patch dozens of upstream files?
> - Should the default be changed in HTTP::Tiny? (In src:pe
On Mon, 16 Mar 2020 08:28:07 -0700, Felix Lechner wrote:
> Package: libplack-perl
> Severity: important
(Taking a random instance of the identical mass bug filing.)
> Your package uses the Perl module HTTP::Tiny, but it does not force
> the verify_SSL attribute to a true value.
Thanks for rais
Package: libplack-perl
Severity: important
Dear maintainer,
Your package uses the Perl module HTTP::Tiny, but it does not force
the verify_SSL attribute to a true value.
By default, HTTP::Tiny does not validate the identity of server
certificates. The documentation states that "Server identity
v
19 matches
Mail list logo
