
Re: Bug#954089: libplack-perl: Please verify server identity via SSL



-=| Felix Lechner, 16.03.2020 09:56:36 -0700 |=-
> > - Is it realistic to patch dozens of upstream files?
> > - Should the default be changed in HTTP::Tiny? (In src:perl and in
> >   libhttp-tiny-perl) In Debian (or better upstream though the latter
> >   might be difficult given the texts you quote.)
> 
> I pursued that route originally (although not exhaustively).

That was my first thought too.

> HTTP::Tiny is apparently used in a lot of tests, which would have to
> be modified. Also, the module ships as part of Perl core.

Failing tests are bad, meaning they need (trivial) work to be fixed. 
Not being secure by default is worse, IMO.

I guess it finally depends on the amount of patching needed. Any idea
how many packages we are talking about? Any takers for an archive
rebuild with patched perl/libhttp-tiny-perl?

-- dam

