Re: Is fast-matrix.cpantesters.org dead?

The fast matrix is back up and running again. Just confirming here, though hopefully you already found out on other channels ...

FOSDEM devroom on package managers

Next year’s FOSDEM is going to have a devroom on package managers: https://lists.fosdem.org/pipermail/fosdem/2017-October/002630.html It would be great to have a talk on the “CPAN ecosystem” in this devroom. David,

Re: Open source archives hosting malicious software packages

First cut at a script to check new CPAN packages: https://github.com/neilb/cpan-watcher At the moment it just flags: Package names that are confusable with packages in other dists Package names which don’t come under the expected main package name

Re: Open source archives hosting malicious software packages

> Would anyone know of any prior art for detection of "short edit distances"? > (Perhaps even already on CPAN?) As David & Zefram pointed out, Levenshtein is the classic algorithm for this, but there are plenty of others; in the SEE ALSO for Text::Levenshtein I’ve listed at least some of the

Re: Open source archives hosting malicious software packages

>> http://www.theregister.co.uk/2017/09/15/pretend_python_packages_prey_on_poor_typing/Would >> CPAN be subject to the same problem as described in the article above? > > Yes. > > DBI::Class, for example, could be a typo for DBIx::Class or a > misremembered Class::DBI, and there's nothing

Re: Renaming the "QA Hackathon"?

Hi Salve, > Since I'm the guy that actually named the QA hackathon originally, I'll take > the liberty to share my thoughts on the matter. I hope You don't mind. :) > > "The Perl QA Hackathon" was originally named after the IRC channel: "The > #perl-qa hackathon". If you guys want to change

Renaming the "QA Hackathon"?

I’ve added a topic to the wiki page for “topics for discussion” at the QAH: Should we rename this event? Eg to “Perl QA Workshop”, or something like that. There’s a well-established definition for “hackathon” these days, and the QAH is not one of those. As a result when talking to potential

Re: Thoughts on Kik and NPM and implications for CPAN

>> PAUSE doesn’t (currently) know the river position, but if it published >> a feed of deletion-schedulings, then some third-party agent could >> monitor the feed and check for dists that are on river. I think those >> are the dists that should be alerted to modules@ […] Obviously the >> issue

Re: Thoughts on Kik and NPM and implications for CPAN

> However, we (the CPAN community) can do a lot of things after that to > mitigate any damage. I wholeheartedly agree with transferring namespace > permissions to something that the PAUSE admins control, so any random joe > cannot claim the namespace and upload whatever he likes into it (this

Re: Found rare bug in Pod::Simple

>> There are two CPAN Testers fails: >> >> http://www.cpantesters.org/cpan/report/4ddcddb1-6c58-1014-bec3-a1032b7077ee >> >> http://www.cpantesters.org/cpan/report/39970866-dd9c-11e5-a3ee-89603848fe5a > > Do you have any thoughts on why these occurred on these particular OS/Perl >

Found rare bug in Pod::Simple

Hi Marc, & CPAN Workers, I’ve been looking into the final two CPAN Testers fails, and have finally got to the bottom of them. The failing test is search50.t, and the problem is where it does the following: - call survey() to get hash of name => path - foreach name, then call

Working on Pod-Simple

A few weeks ago I mailed that I was planning to work on improving things in modules at the head of the river. The first of these is Pod::Simple. I’m slowly working towards a PR with various changes, and doing developer releases (with Marc’s permission). I’ll outline the changes here, to give

Re: Looking for prior art on conventions for dep-listing

> cpanm had --scan-deps, though it's now listed as deprecated. > > And CPAN has plenty of these sorts of things, eg. Perl::PrereqScanner App::Midgen and the midgen script were designed to determine and list prereqs of different types, in the formats expected by various things:

addressing kwalitee and other quality issues at the head of the CPAN River

I’ve been looking at CPAN distributions that have 10k+ downstream dependent distributions. There are currently just 45 such distributions: http://neilb.org/2016/01/26/river-head-quality.html I think that in general these heavyweight dists should be good examples for people to look at.

The PRC and kwalitee

Given an email I had off-list, I’ll clarify something related to the PR challenge (PRC): Through the year I had the occasional email from *authors* whose distributions had been assigned, and who got a PR that addressed kwalitee fails and nothing else. They weren’t happy with these PRs.

Re: CPAN River - water quality metric

> CPANdeps (http://deps.cpantesters.org) has been providing useful > information on water quality. It might be enough to make a better or > opinionated presentation of it for the upriver authors. IMHO META > files and min version specification depends more on when a > distribution is released and

Re: CPAN River - water quality metric

> I thought the "min perl version" is a tough metric without considering what > version of Perl it will actually run on. I would refine that metric to > "declared min perl version >= actual perl version required". Figuring out > the latter could perhaps be done via CPAN Testers -- if all of

Re: CPAN River - water quality metric

> You could try collecting up a bunch of these different metrics and then run a > regression analysis against the graph wise recursive downstream dep count for > everything on CPAN and see which metrics fall out in the real world. I might have a dabble at this, perhaps roping in help from

CPAN River - water quality metric

At the London Perl Workshop I gave a talk on the CPAN River, and how development and release practices should mature as a dist moves up river. This was prompted by the discussions we had at Berlin earlier this year. Writing the talk prompted a bunch of ideas, one of which is having a “water

Re: Measuring water quality of the CPAN river

On 11 May 2015, at 01:47, Kent Fredric kentfred...@gmail.com wrote: So the quality of a dist could be measured indirectly by the failure rate of its dependents. This was kind of the basis of the “River Smoker” idea that Tux and and I discussed late on the last day of the QAH:

Measuring water quality of the CPAN river

One of the goals of the CPAN River model is to get us to focus on cleaning up the river, starting at the headwaters first. To that end, I’ve been thinking about how we might measure “river quality”, and have written up two ideas so far:

Re: Documenting best practices and the state of ToolChain guidelines using CPAN and POD

I’ve parked it for the moment, because Gabor has said he’s working on a CPAN notification system that he’d like to add this feature to. Neil, it seems to me it is important to clarify if Gabor intends for his system to be fully and unconditionally open akin to metacpan, or is intended as

Re: Documenting best practices and the state of ToolChain guidelines using CPAN and POD

In that vein, we need some sort of Canon set of documentations, written and maintained by toolchain themselves, articulating how things /should/ be done as far as toolchain are concerned, without any sort of requirement that people adhere to it, unless they want to make toolchain happy. +N