22 Aug 2022 |
stigo | Well, there is a lot less "conformity" in Perl and a longer history than most repos. | 10:43:18 |
stigo | So you'll find quite a bit of weird stuff | 10:43:37 |
@janne.hess:helsinki-systems.de | Yeah, it was a wild ride | 10:43:47 |
stigo | I can imagine | 10:43:52 |
stigo | This repo is also useful if you want to grep trough, or otherwise process, the source of all latest modules: https://github.com/metacpan/metacpan-cpan-extracted | 10:45:05 |
stigo | Been trying to figure out how far the HTTP::Tiny SSL rabbithole goes | 10:47:14 |
@janne.hess:helsinki-systems.de | In reply to @stigo:matrix.org Been trying to figure out how far the HTTP::Tiny SSL rabbithole goes Any idea yet? | 10:47:26 |
stigo | Yeah, seems to go a bit far | 10:47:37 |
@janne.hess:helsinki-systems.de | In reply to @stigo:matrix.org This repo is also useful if you want to grep trough, or otherwise process, the source of all latest modules: https://github.com/metacpan/metacpan-cpan-extracted For me, fastapi worked well enough (apart from some varnish errors) | 10:47:44 |
@janne.hess:helsinki-systems.de | In reply to @stigo:matrix.org Yeah, seems to go a bit far who would've thought :D | 10:48:54 |
stigo | Since it's a design decision not to verify ssl by default, apparently, I don't think these issues qualify being vulnerabilities with embargos end stuff, but who knows | 10:48:55 |
stigo | Hoping to help push upstream in the right direction (to enable verification) by putting some light on the situation | 10:49:50 |
stigo | Janne Heß: btw, can we add your license work to the errata somehow? | 10:54:17 |
@janne.hess:helsinki-systems.de | In reply to @stigo:matrix.org Janne Heß: btw, can we add your license work to the errata somehow? We could try to extract it from nix. As most of the work was done manually, there is no method/script I could publish | 11:00:20 |
@janne.hess:helsinki-systems.de | my mapping for licenses that were not ambigous was:
mit → mit
apache_2_0 → asl20
artistic_1 → artistic1
artistic_2 → artistic2
perl_5 → artistic1 gpl1Plus
| 11:03:08 |
@janne.hess:helsinki-systems.de | That's all there was. The rest is:
unknown
| 11:03:22 |
@janne.hess:helsinki-systems.de | * That's all there was. The rest is:
unknown
lgpl_2_1
lgpl_3_0
open_source
unrestricted
gpl_1
gpl_2
gpl3_3
bsd
| 11:03:40 |
@janne.hess:helsinki-systems.de | * That's all there was. The rest (not-mappable) is:
unknown
lgpl_2_1
lgpl_3_0
open_source
unrestricted
gpl_1
gpl_2
gpl3_3
bsd
| 11:03:58 |
@janne.hess:helsinki-systems.de | ah there was (of course) also things that were both unknown and perl_5 | 11:04:28 |
stigo | Ok, I can look at parsing the nix file and putting any differences back into errata.conf | 11:17:28 |
stigo | Janne Heß: if you want some extra weirdness, look at Lingua::tlhInganHol::yIghun :P | 11:21:17 |
@janne.hess:helsinki-systems.de | In reply to @stigo:matrix.org Janne Heß: if you want some extra weirdness, look at Lingua::tlhInganHol::yIghun :P at least the license is specified | 11:30:08 |
@qbit:tapenet.org | what's the advantage of changing the meta = with lib; { to use with lib inside the meta block? | 13:31:36 |
@janne.hess:helsinki-systems.de | consistency | 13:31:48 |
@qbit:tapenet.org | in 187842 | 13:31:51 |
@qbit:tapenet.org | ok | 13:31:52 |
@qbit:tapenet.org | :D | 13:33:01 |
@janne.hess:helsinki-systems.de | In reply to @qbit:tapenet.org :D to answer your question: it was partially generated but most of the work was by hand as there is no consistency. took me a bit over one day all in all | 13:37:00 |
@qbit:tapenet.org | no wonder you wern't having a good time :D | 13:37:52 |
@janne.hess:helsinki-systems.de | I almost dropped the branch multiple times :D | 13:38:10 |