Hi Moritz, I’m emailing you wearing my PAUSE admins hat.
John Napiorkowski would like to get co-maint on Crypt::OpenSSL::RSA, so he can do a bug fix release (see below). If you’re happy for him to have co-maint, I can give it to him on your behalf. Is that ok? Cheers, Neil > Begin forwarded message: > > From: john napiorkowski <jjn1...@gmail.com> > Subject: Wishing to adopt https://metacpan.org/pod/Crypt::OpenSSL::RSA > Date: 10 April 2018 at 15:17:34 BST > To: modules@perl.org > > Hi, > > My company (and apparently a number of people from the look of the bug queue) > rely on this module (https://metacpan.org/pod/Crypt::OpenSSL::RSA > <https://metacpan.org/pod/Crypt::OpenSSL::RSA>) on the job. However there is > a critical bug in it with an outstanding patch that the current maintainer > doesn't seem interested in dealing with. Here's the testers reports: > > https://www.cpantesters.org/distro/C/Crypt-OpenSSL-RSA.html?oncpan=1&distmat=1&version=0.28&grade=3 > > <https://www.cpantesters.org/distro/C/Crypt-OpenSSL-RSA.html?oncpan=1&distmat=1&version=0.28&grade=3> > > As you can see its failing to install quite consistently over the past year > plus, which is due to critical security fixes in open-ssl becoming the > commonly default install on most servers. This security fixed version of > open-ssl does not compile with the currently released CPAN code. > > Here's the bug report / patch from last year: > > https://github.com/monken/Crypt-OpenSSL-RSA/pull/18 > <https://github.com/monken/Crypt-OpenSSL-RSA/pull/18> > > As you can see the patch is trivial. > > When I emailed the current maintainer, cpan ID 'PERLER' he at first seemed > willing to do one more emergency release to get us past the current crisis. > He did indeed merge the PR but has not released the code to CPAN. In the > email exchange I had with him he seems to indicate that he doesn't do Perl a > lot anymore and had forgotten how to upload and prep a module for CPAN. I > gave him instructions via email on how to do that and offered to pair on it > if he was stuck, but I never heard back (that was 2 weeks ago). Its starting > to look like this is not something the current maintainer wants to deal with > or has time for. Additionally its not a long term solution since he has only > comaint rights and can't transfer ownership to a willing maintainer should > issues arise in the future. > > I also emailed the current 'first-come' author 'IROBERTS' who has not > responded to emails for more than 6 weeks and from reviewing the record does > not seem to be active in Perl / CPAN anymore (no uploads to CPAN in more than > 10 years from what I can see). > > This module is actually fairly important as a number of other modules related > to cryptography use it. Given that I think it needs a maintainer willing to > do the basics and also one that will turn it over to someone else should s/he > decide to retire (someone with first-come that is willing to migrate that > authority to someone else when the time comes). I'd be very willing to > become first come on this and release an update since my company uses it. My > CPAN id is JJNAPIORK and I've got a pretty decent track record on CPAN of > doing trustworthy releases. My plan would be to release quickly a patched > version of this, and also it looks like from the github pull request record > that there's a number of outstanding patches that could be merged as well. > Also I will contact some of the people that send patches to this code and > find out if they want comaint that way there's no longer a single point of > failure on this. So I'm requesting that I be granted first-come on this > module. > > Please let me know what else I should do to make this possible. > > Regards, > > John Napiorkowski (JJNAPIORK) Cogendo T: +44 7880 741899 W: www.cogendo.com M: neil.bow...@cogendo.com <mailto:neil.bow...@cogendo.com> Cogendo is the trading name of Cogendo Limited, Registered in England & Wales, company no. 8944534. Registered office: 51 West Street, Marlow, Buckinghamshire. SL7 2LS.
