Hi Moritz,

I’m emailing you wearing my PAUSE admins hat.

John Napiorkowski would like to get co-maint on Crypt::OpenSSL::RSA, so he can 
do a bug fix release (see below).

If you’re happy for him to have co-maint, I can give it to him on your behalf. 
Is that ok?


> Begin forwarded message:
> From: john napiorkowski <jjn1...@gmail.com>
> Subject: Wishing to adopt https://metacpan.org/pod/Crypt::OpenSSL::RSA
> Date: 10 April 2018 at 15:17:34 BST
> To: modules@perl.org
> Hi,
> My company (and apparently a number of people from the look of the bug queue) 
> rely on this module (https://metacpan.org/pod/Crypt::OpenSSL::RSA 
> <https://metacpan.org/pod/Crypt::OpenSSL::RSA>) on the job.  However there is 
> a critical bug in it with an outstanding patch that the current maintainer 
> doesn't seem interested in dealing with.  Here's the testers reports:
> https://www.cpantesters.org/distro/C/Crypt-OpenSSL-RSA.html?oncpan=1&distmat=1&version=0.28&grade=3
> <https://www.cpantesters.org/distro/C/Crypt-OpenSSL-RSA.html?oncpan=1&distmat=1&version=0.28&grade=3>
> As you can see its failing to install quite consistently over the past year 
> plus, which is due to critical security fixes in open-ssl becoming the 
> commonly default install on most servers.  This security fixed version of 
> open-ssl does not compile with the currently released CPAN code.
> Here's the bug report / patch from last year:
> https://github.com/monken/Crypt-OpenSSL-RSA/pull/18 
> <https://github.com/monken/Crypt-OpenSSL-RSA/pull/18>
> As you can see the patch is trivial.
> When I emailed the current maintainer, cpan ID 'PERLER' he at first seemed 
> willing to do one more emergency release to get us past the current crisis.  
> He did indeed merge the PR but has not released the code to CPAN.  In the 
> email exchange I had with him he seems to indicate that he doesn't do Perl a 
> lot anymore and had forgotten how to upload and prep a module for CPAN.  I 
> gave him instructions via email on how to do that and offered to pair on it 
> if he was stuck, but I never heard back (that was 2 weeks ago).  Its starting 
> to look like this is not something the current maintainer wants to deal with 
> or has time for.  Additionally its not a long term solution since he has only 
> comaint rights and can't transfer ownership to a willing maintainer should 
> issues arise in the future.
> I also emailed the current 'first-come' author 'IROBERTS' who has not  
> responded to emails for more than 6 weeks and from reviewing the record does 
> not seem to be active in Perl / CPAN anymore (no uploads to CPAN in more than 
> 10 years from what I can see).
> This module is actually fairly important as a number of other modules related 
> to cryptography use it.  Given that I think it needs a maintainer willing to 
> do the basics and also one that will turn it over to someone else should s/he 
> decide to retire (someone with first-come that is willing to migrate that 
> authority to someone else when the time comes).  I'd be very willing to 
> become first come on this and release an update since my company uses it. My 
> CPAN id is JJNAPIORK and I've got a pretty decent track record on CPAN of 
> doing trustworthy releases.  My plan would be to release quickly a patched 
> version of this, and also it looks like from the github pull request record 
> that there's a number of outstanding patches that could be merged as well.  
> Also I will contact some of the people that send patches to this code and 
> find out if they want comaint that way there's no longer a single point of 
> failure on this.  So I'm requesting that I be granted first-come on this 
> module.
> Please let me know what else I should do to make this possible.
> Regards,
> John Napiorkowski (JJNAPIORK)


T: +44 7880 741899
W: www.cogendo.com
M: neil.bow...@cogendo.com <mailto:neil.bow...@cogendo.com>

Cogendo is the trading name of Cogendo Limited, Registered in England & Wales, 
company no. 8944534. 
Registered office: 51 West Street, Marlow, Buckinghamshire. SL7 2LS.

Reply via email to