Package: libanyevent-irc-perl
Version: 0.97-2
Control: tag -1 + upstream

AnyEvent::IRC supports connecting to IRC servers over TLS. When connecting, though, it does not verify that server certificates are valid. An invalid TLS certificate is better than no TLS at all, but users (and many developers) have come to expect that a successful TLS connection guarantees confidentiality, authenticity, and integrity even in the face of active interception. AnyEvent::IRC’s behavior is inconsistent with that expectation.
Ideally, AnyEvent::IRC would refuse to connect to a server unless that server presents a valid TLS certificate or the API consumer has explicitly opted out of certificate verification. If backward compatibility is a concern, AnyEvent::IRC could preserve the existing behavior by default but allow API consumers to opt in to certificate verification; this is a smaller improvement, but it would be an improvement nonetheless.