PTS 2024 Projects
Add projects below that you're thinking of working on. If you see someone else's project that you'd like to help on, add your name, but email them as well please.
Group discussions ("consensus documents") proposals
- Common incident response organization and plan for Perl/PAUSE/CPAN/etc. (proposed by sjn)
- Security contact point consolidation and/or clarification of responsibilities. (proposed by sjn)
- Succession planning template. (proposed by sjn)
Presentations
- Short presentation and discussion about CPAN version normalizing (see cpanspec) - Tina Müller (tinita)
- "My future plans for Perl" - Paul Evans (LeoNerd)
- Cyber Resilience Act update - Salve J. Nilsen (sjn)
Salve J. Nilsen (sjn)
- CPANSec
- CPAN::Meta::Spec update to prepare for new EU requirements
- Discussions on...
- Introduction of project sustainability metadata to CPAN::Meta::Spec
- Introduction of SBOMs in the toolchain
- Introduction of PackageURLs in the toolchain
- PackageURL support in CPAN::DistnameInfo
Test Coverage (Paul Johnson (pjcj))
- cpancover
- The backend system has been down for a while due to infrastructure problems
- Containerise the entire system to isolate it from the underlying infrastructure
- Currently only the actual Devel::Cover run is containerised
- Simplify development setup using above work
- Get development and production environments looking identical
- Continue discussions on production migration
- Consider adding redundancy
- Simplify and automate the process of updating perl and other dependencies
- The backend system has been down for a while due to infrastructure problems
- Devel::Cover
- look into intermittent BSD cpants failures
- work on existing tickets
Paul Evans (LeoNerd)
- "My future plans for Perl" - presentation
- Followups and resolution on `local::lib-alike-in-core`, multiple MetaCPAN indexes per perl version
Breno Oliveira (garu)
- CPANSec
- CPAN Vulnerability Index
- review pipelines and make index as up to date as possible
- make feed available, browsable and searchable on our own website
- Integrate with MetaCPAN
- CPAN Provenance & Supply Chain Security
- risk assessment of the Perl software supply chains, and lessons learned from recent events on PAUSE/CPAN and other languagesâ package managers.
- understand current state of distribution signing, limitations and what can be done to improve them either on PAUSE, cpan* client tools or MetaCPAN - maybe considering something like SLSA.
- CPAN Metadata and SBOM
- readers/writers for SPDX and CycloneDX
- a module for writing a SBOM file on the fly from any indexed distribution on CPAN
- integration with MetaCPAN
- CPAN Software Composition Analysis
- understand if it would be interesting to support VEX files
- CPAN Vulnerability Index
- CPAN Testers
- discuss and assess current project needs with peers and stakeholders, (hopefully) understanding why and how people use all related tools and services today (either from CPAN Testers or third parties), to trace a proper roadmap on how can the project add the most value to its actual and potential users, including:
- better tooling (client-side)
- better visualization and correlation features (server-side)
- test report improvements
- integrations (cpancover, metacpan, pause, etc)
- discuss and assess current project needs with peers and stakeholders, (hopefully) understanding why and how people use all related tools and services today (either from CPAN Testers or third parties), to trace a proper roadmap on how can the project add the most value to its actual and potential users, including:
Sponsors
