Em 06/04/2019 03:27, Andreas Koenig escreveu:
> I was wandering if there is anything we could do to avoid having the
> same thing happening. Of course, there is very little we could do if
> something like that happened at the code repository, but there are at
> least two things we could try:
> 1 - Start using something like Module::Signature
Yes, please, why don't you use it? For authors it is opt-in. You can
start using it today and you do not disturb your users, you just help
protect them.
I do remember issues by using it in distant past.
Checkign again the documentation on CPAN it makes it clear why I dropped it:
"While this is generally considered a good thing, it is not always
convenient to the end user to install modules that are signed
incorrectly or where the key of the author is not available or where
some prerequisite for Module::Signature has a bug and so on."
Not sure how the standard smoker would act when such things happens and
if the distribution is only marked as failed.
Went through the CPAN Testers Matrix and it is not looking good:
http://matrix.cpantesters.org/?dist=Module-Signature+0.83
> 2 - Fix the PAUSE TLS certificate:
Do you get the same for pause.perl.org?
Nope, that one worked as expected.
