-
Once the cpan security charter is complete, we should include it on the website.
-
OWASP recommends that organizations adopt an [Open Source Policy](https://scvs.owasp.org/scvs/guidance-open-source-policy/) that takes Open Source dependencies into their security considerations.
I'm…
-
How does one join the CPAN Security group?
For now we don't have a formal process, so no vetting or chain of trust.
-
If a module version is flagged by [CPAN::Audit](https://metacpan.org/pod/CPAN::Audit), then it might be helpful to see something in the UI for a module to indicate that it might have security issues, …
-
All published security advisories should be listed and searchable on the website.
-
I've been away from perl development for many, many years, but I'm wondering if there is really missed any possibility to check installed CPAN modules for reported security problems and update the mod…
-
Compiling Perl and running ```./perl harness``` in directory ```t``` yields
```
uid=NNN topuid=10 euid=MMMM path='/afs/desy.de/user/d' at ../../lib/File/Temp.pm line 688.
File::Temp::_is_…
djzhh updated
5 months ago
-
Perl-5.36.0 defaults to `pushy_https = 1`, and with this setting CPAN refuses to use any mirror configured in `urllist`.
I think we should add `o conf pushy_https 0` into the help. (Maybe we also n…
-
How to build and run the website. This is specially important if the site involves actual code, for example to search/filter through the CPAN security advisories.
garu updated
6 months ago
-
I am trying to package slimserver for [NixOS](http://nixos.org/). However, I noticed that the repository contains a great amount of copied CPAN libraries. This makes it difficult to package slimserver…