On Mon, 16 Mar 2020 08:28:07 -0700, Felix Lechner wrote: > Package: libplack-perl > Severity: important (Taking a random instance of the identical mass bug filing.) > Your package uses the Perl module HTTP::Tiny, but it does not force > the verify_SSL attribute to a true value. Thanks for raising this issue. I'm wondering about 2 questions: - Is is realistic to patch dozens of upstream files? - Should the default be changed in HTTP::Tiny? (In src:perl and in libhttp-tiny-perl) In Debian (or better upstream though the latter might be difficult given the texts you quote.) Cheers, gregor -- .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe `- NP: Bettina Wegner: Waffenlos
Attachment:
signature.asc
Description: Digital Signature