15 Apr 2023 |
hexa | https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ for context | 19:12:26 |
Alyssa Ross | didn't we already? | 19:12:27 |
hexa | did we? | 19:13:01 |
Janne Heß | Pretty sure | 19:13:45 |
Alyssa Ross | the linked reddit post says we did | 19:13:49 |
Alyssa Ross | https://github.com/NixOS/nixpkgs/pull/187480 | 19:14:03 |
Janne Heß | https://github.com/NixOS/nixpkgs/pull/187480 | 19:14:16 |
hexa | great! | 19:14:21 |
Janne Heß | Ah lol | 19:14:22 |
hexa | stigo just boosted it on Mastodon, so I had to ask 😄 | 19:14:31 |
hexa | and obviously didn't expect the post to link back to us | 19:14:43 |
stigo | In reply to @hexa:lossy.network stigo: is there anything we can do about HTTP::Tiny? We're safe, HTTP::Tiny is patched in nixpkgs | 20:24:55 |
4 May 2023 |
stigo | Had some great discussions at a meetup with the toolchain group last week. There seems to be some consensus to change HTTP::Tiny, we're looking at using TUF for repo/author signing on CPAN, and have started a cpan security working group to make more good things happen. Open vulnerabilities are also going to be visible on metacpan.org soon hopefully. | 09:21:39 |
stigo | * Had some great discussions at a meetup with the toolchain group last week. There seems to be some consensus to change the TLS defaults in HTTP::Tiny, we're looking at using TUF for repo/author signing on CPAN, and have started a CPAN security working group to make more good things happen. Open vulnerabilities are also going to be visible on metacpan.org soon hopefully. | 09:22:43 |
stigo | There was also a good amount of Chartreuse involved :) | 09:28:41 |
stigo | In reply to @janne.hess:helsinki-systems.de
Short of the Perl Steering Council directly asking for a change
stigo you know what to do ;)
Done :) | 09:51:35 |
Janne Heß | It was supposed to be a joke :D | 09:52:22 |
stigo | They haven't decided anything yet, ofc, but moving in the right direction I think. | 09:53:12 |
@qbit:tapenet.org | :D | 12:50:40 |
@qbit:tapenet.org | awesome | 12:50:42 |