in reply to Re: Building Perl and CPAN Modules Securely from Source
in thread Building Perl and CPAN Modules Securely from Source

By early 2024, "http" was the default in cpanminus; work on making "https" the default is still ongoing: cpanminus: make cpanm secure by default #674.

Oh, also found: CVE-2020-16154 remove the functionality to verify CHECKSUMS signature #638.

One day ... :-/

Re^3: Building Perl and CPAN Modules Securely from Source- CPAN Minus
by eyepopslikeamosquito (Archbishop) on Sep 08, 2024 at 08:39 UTC

    By early 2024, "http" was the default in cpanminus; work on making "https" the default is still ongoing

    Good point, thanks for mentioning it. When I was writing this node back in 2023 I was kindly advised by hippo to invoke the cpanm command like this:

    $ cpanm --from https://www.cpan.org/ ...

    Checking my original inst-cpanminus.tmp log file from that node, I was relieved to see that this cpan command:

    $ cpan App::cpanminus 2>&1 | tee inst-cpanminus.tmp

    always used https by default. So it seems this is one thing the cpan command does better than cpanm.

    👁️🍾👍🦟
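
The log check described in the reply above can be scripted; this is an added example, not code from the thread or from the cpan/cpanm projects. The function names are hypothetical and the sample log lines are constructed, so the URL match is deliberately generic rather than tied to one client's output format.

```shell
#!/bin/sh
# Added example: report whether a cpan/cpanm install log shows plaintext fetches.

# Constructed sample log lines (not copied from the thread's real log file).
write_sample_log() {
    cat > "$1" <<'EOF'
Fetching with HTTP::Tiny:
https://www.cpan.org/authors/id/X/XX/XXXXX/Sample-Dist-1.00.tar.gz
Checksum for Sample-Dist-1.00.tar.gz ok
Fetching http://www.cpan.org/authors/id/X/XX/XXXXX/Other-Dist-0.01.tar.gz ... OK
Fetching http://www.cpan.org/authors/id/X/XX/XXXXX/Other-Dist-0.01.tar.gz ... OK
EOF
}

# Every distinct URL in the log, one per line.
log_urls() {
    grep -Eo 'https?://[^[:space:]]+' "$1" | sort -u
}

# count_scheme FILE SCHEME: number of distinct URLs using SCHEME (http or https).
count_scheme() {
    log_urls "$1" | grep -c "^$2://" || true
}

# audit_log FILE
# Status 0: only https URLs seen.
# Status 1: at least one plaintext http URL (each is printed).
# Status 2: no URLs at all, so the log proves nothing either way.
audit_log() {
    plain=$(count_scheme "$1" http)
    tls=$(count_scheme "$1" https)
    if [ $((plain + tls)) -eq 0 ]; then
        echo "no URLs found in $1"
        return 2
    fi
    if [ "$plain" -gt 0 ]; then
        log_urls "$1" | grep '^http://'
        return 1
    fi
    echo "all $tls URLs use https"
}

# Demo on the constructed sample.
demo_log=$(mktemp)
write_sample_log "$demo_log"
audit_log "$demo_log" || echo "audit status: $?"
rm -f "$demo_log"
```

Run against a real capture with `audit_log inst-cpanminus.tmp`; a status of 2 means the log recorded no URLs, which is not evidence that https was used.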