Re: p5-libwww

To: "S.P.Zeidler" <spz%serpens.de@localhost>
Subject: Re: p5-libwww
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Thu, 14 Jul 2011 14:34:54 +0200

On Wed, Jul 13, 2011 at 09:59:55PM +0200, S.P.Zeidler wrote:
> 5.837 is the last '5' version, the '6' versions have a bunch of moduls
> split out. I recently packaged these new modules, so that all dependencies
> for p5-libwww-6.02 are already present.

Are there conflicts between the separate packages and p5-libwww-5?

> Formally, p5-libwww-6.02 does not depend on p5-LWP-Protocol-https,
> but p5-libwww-5.837 contained https capability. That's the reason it
> reports as vulnerable in fact:
> p5-libwww-5.837 wasn't too picky about the certs it got, ie it did
> encryption but not really verification. p5-LWP-Protocol-https by default
> checks the certificate, or fails if it can't when e.g. there is no CA cert
> for the certificate in question. One can tell it to not verify by setting
> the environment variable PERL_LWP_SSL_VERIFY_HOSTNAME to 0.
> 
> So, update p5-libwww? with or without p5-LWP-Protocol-https as package
> dependency?

I think we should not make it depend on p5-LWP-Protocol-https.
If packages need the functionality, we can add the dependency there.
 Thomas

Follow-Ups:
- Re: p5-libwww
  - From: S.P.Zeidler

References:
- p5-libwww
  - From: S.P.Zeidler

Prev by Date: daily pkgsrc CVS update output
Next by Date: pkg-config-0.26 depends on glib2
Previous by Thread: p5-libwww
Next by Thread: Re: p5-libwww
Indexes:

Home | Main Index | Thread Index | Old Index