PTS 2024 Projects
Add projects below that you're thinking of working on. If you see someone else's project that you'd like to help on, add your name, but email them as well please.
Group discussions ("consensus documents") proposals
- Common incident response organization and plan for Perl/PAUSE/CPAN/etc. (proposed by sjn)
- Security contact point consolidation and/or clarification of responsibilities. (proposed by sjn)
- Succession planning template. (proposed by sjn)
Presentations
- Short presentation and discussion about CPAN version normalizing (see cpanspec) - Tina Müller (tinita)
- "My future plans for Perl" - Paul Evans (LeoNerd)
- Cyber Resilience Act update - Salve J. Nilsen (sjn)
Salve J. Nilsen (sjn)
- CPANSec
- Discussions on...
- Introduction of project sustainability metadata to CPAN::Meta::Spec
- Introduction of SBOMs in the toolchain
- Introduction of PackageURLs in the toolchain
- Introduction of "Open Source Software Steward" and CE-related metadata
- Operating changes in the CPAN ecosystem due to EU legislation
- Funding & budgeting for CPAN ecosystem activities
- Implement PackageURL support in CPAN::DistnameInfo
- Implement CPAN::Meta::Spec update to prepare for new EU requirements
- Discussions on...
Test Coverage (Paul Johnson (pjcj))
- cpancover
- The backend system has been down for a while due to infrastructure problems
- Containerise the entire system to isolate it from the underlying infrastructure
- Currently only the actual Devel::Cover run is containerised
- Simplify development setup using above work
- Get development and production environments looking identical
- Continue discussions on production migration
- Consider adding redundancy
- Simplify and automate the process of updating perl and other dependencies
- The backend system has been down for a while due to infrastructure problems
- Devel::Cover
- look into intermittent BSD cpants failures
- work on existing tickets
Paul Evans (LeoNerd)
- "My future plans for Perl" - presentation
- Followups and resolution on `local::lib-alike-in-core`, multiple MetaCPAN indexes per perl version
Breno Oliveira (garu)
- CPANSec
- CPAN Vulnerability Index
- review pipelines and make index as up to date as possible
- make feed available, browsable and searchable on our own website
- Integrate with MetaCPAN
- CPAN Provenance & Supply Chain Security
- risk assessment of the Perl software supply chains, and lessons learned from recent events on PAUSE/CPAN and other languages package managers.
- understand current state of distribution signing, limitations and what can be done to improve them either on PAUSE, cpan* client tools or MetaCPAN - maybe considering something like SLSA.
- CPAN Metadata and SBOM
- readers/writers for SPDX and CycloneDX
- a module for writing a SBOM file on the fly from any indexed distribution on CPAN
- integration with MetaCPAN
- CPAN Software Composition Analysis
- understand if it would be interesting to support VEX files
- CPAN Vulnerability Index
- CPAN Testers
- discuss and assess current project needs with peers and stakeholders, (hopefully) understanding why and how people use all related tools and services today (either from CPAN Testers or third parties), to trace a proper roadmap on how can the project add the most value to its actual and potential users, including:
- better tooling (client-side)
- better visualization and correlation features (server-side)
- test report improvements
- integrations (cpancover, metacpan, pause, etc)
- discuss and assess current project needs with peers and stakeholders, (hopefully) understanding why and how people use all related tools and services today (either from CPAN Testers or third parties), to trace a proper roadmap on how can the project add the most value to its actual and potential users, including:
Leo Lapworth (ranguard)
- MetaCPAN - K8's
- Setup Cluster storage as per discussion - https://github.com/metacpan/metacpan-k8s/discussions/50
- Migrate more parts ( metacpan-explorer etc)
- kube-state-metrics
- Clean up old puppet systems so clear what is now in k8's
- Clean up Fastly configs, delete any no in use
- Look to move one of the cluster nodes to a 2nd data center
- Possible additions - job queues / cron job failure email alerts
Ricardo Signes (rjbs) and Matthew Horsfall (alh) and Robert
- new PAUSE server
- make it possible to quickly install a working PAUSE instance on a stock Linux machine
- prove it works with a relatively good degree of fidelity
- set one up and cut "real" PAUSE over to it
- document how to use the installer for testing
- document how to upgrade the PAUSE software
- look at whether we can increase the number of active PAUSE operators
Leon Timmermans (leont)
- Finish CPAN::Requirements::Dynamic, and add support for it to Module::Build::Tiny
- Publish Dist::Build, an extensible Module::Build replacement
- Add support for the above to Dist::Zilla and App::ModuleBuildTiny
- Add CPAN::Static::Install support to CPAN.pm
H.Merijn Brand (Tux)
- Discuss Configure things with Dagfinn Ilmari Mannsåker (ilmari) regarding install locations and manual pages
- Discuss all aspects of CPANSec, hope to write more tests. Help Salve J. Nilsen (sjn) and Breno Oliveira (garu)
Sponsors
