>>>>> On Fri, 5 Apr 2019 23:32:11 -0300, Alceu Rodrigues de Freitas Junior via cpan-testers-discuss <cpan-testers-discuss@perl.org> said:

> Hello guys,

> Did you have the chance to read about this backdoor found in a popular
> Ruby gem?

> https://www.zdnet.com/article/backdoor-code-found-in-popular-bootstrap-sass-ruby-library/

Of course I'm expecting such news every day for CPAN.

> I was wondering if there is anything we could do to avoid having the
> same thing happening. Of course, there is very little we could do if
> something like that happened at the code repository, but there are at
> least two things we could try:

> 1 - Start using something like Module::Signature

Yes, please, why don't you use it? For authors it is opt-in. You can
start using it today and you do not disturb your users, you just help
protect them.

> 2 - Fix the PAUSE TLS certificate:

Do you get the same for pause.perl.org?

--
andreas