H.Merijn Brand (Tux)
Thu 2025-05-01
- Welcome
- Discuss CVE/Security tooling needs
- Discuss Exchange formats and stages for passing security information
- Extend Test::CVE-0.10 with has_no_cves
- Discuss weaknesses in CPAN ecosystem
- Fix own dists/modules to work with yath in xt
Fri 2025-05-02
- Fix loose ends in Test::CVE
- Try has_no_cves in Text::CSV_XS and DBI (and some others)
- PR for DBD::Oracle
- CVE/CNA session including triage
- MITRE/CISO meeting
Sat 2025-05-03
- Release Test-CVE
- First Test::Smoke session
- Initiate the process of eridication of the stdio layer
- First steps in converting Test::Smoke results to match CPANTESTERS for merging
- restore db snapshot from 2024-10 in MariaDB
- convert MariaDB to PostgreSQL
- discuss roadmap and requirements
- start mapping
- Fix DBI issues
- Track down DBD::Oracle issue (with Graham Knop (haarg))
Sun 2025-05-04
- Test::CVE
- Make reporting CVE's uniq
- Run has_no_cves only in author env
- Tracking down DBD::Oracle issues (with Leon Timmermans (leont))
- gcc-14+ warning document
- CPANSec podcast
- Release Test::CVE-0.11
- More DBI/DBD::Oracle digging
- Test::Smoke podcast
Laurent Boivin (Elbeho)
Thu 2025-05-01
- Act DB backups:
- daily backup of the test instance
- once a month, latest backups for both prod and test instances are saved apart
- Act PSGI
- successfully run ActPSGI in podman containers
- the PTS2025 website is properly displayed on that version.
- next step: import the DB
Sat 2025-05-03
- Act PSGI
- DB successfully imported.
Paul Evans (LeoNerd)
- Implemented assigning xor `^^=` operator -- https://github.com/Perl/perl5/pull/23242
- Gave a talk on "What's new in Perl 5.42", which lead into discussion why roles are hard to design and provide features for
- Fixed exception handling within defer/finally blocks -- https://github.com/Perl/perl5/pull/23244
- Talked with Leon Timmermans (leont) about App::ModuleBuildTiny, and looked at thoughts of using it for some of my more complex-to-build modules, such as Tickit
- Continued core perl work on the `faster-signatures` branch, getting as far as having the parser natively emit OP_MULTIPARAM ops and implementing the CVf_NOSNAIL optimisation. Early quick hack benchmarks suggest this could give up to an encouraging 13% speedup to all signatured code.
Julien Fiegehenn (simbabque)
Thu 2025-05-01
- backlog grooming and chasing of old PRs in LWP
Fri 2025-05-02
- update github workflows for all modules in the libwww-perl org
Tina Müller (tinita)
YAML::XS 1.2 / OOP / YAML::PP compatibility
I continued working YAML::XS: YAML 1.2 Core Schema + the Object Oriented Interface.
I started this at SUSE Hackweek 2024.
At the PTS I changed the Proof of Concept matching of special values from a Perl Regex to C code.
I also fixed a segmentation fault that was happening when there was an exception in the loader and the DESTROY method was called before the exception handling, invalidating a pointer.
I updated the pull request and made a trial release. I can hopefully make a regular release in the next few days (but still marking the new interface as experimental).
There are also a couple of new options like utf8, header, footer, width, require_footer and anchor_prefix, that the old interface doesn't have.
YAML::Syck
Helped with a little YAML::Syck issue
Paul Johnson (pjcj)
- Made three Devel::Cover releases
- Fixed Devel::Cover to work with 5.42.0 (to be)
- Discovered and reported a perl problem during Devel::Cover testing (missing `^^=` operator)
- Got cpancover.com working on btrfs with compression to allow more coverage reports on the server. (Special shoutout to Ferenc Erki for suggesting the solution and working with me to implement it.)
- Merged in all outstanding Devel::Cover PRs
- Closed out a few tickets
- Several very productive discussions around coverage, testing, hosting and other topics
Mickey Nasriachi (Mickey)
Worked on MetaCPAN's ingest repo.
This repo will replace the data ingestion to ES, replacing the current write-access part of the API (which will have read-only access to ES).
The work included (mainly):
- Various scripts fixes and updates
- Setup test creation (WIP)
- Discussions over tests in metacpan-ingest & CLI tooling
- Discussions with Stig & Breno over future changes to the `cve` script (and data set)
Breno Oliveira (garu)
* Discussed and worked on many of the tooling used by CPAN Security;
* Released two new CVEs;
* Designed and implemented v1 of the new CPANSec advisories feed, then worked alongside Mickey Nasriachi (Mickey) to understand MetaCPAN's index requirements for it to go live;
* Discussed MFA and auth keys for PAUSE with Kenichi Ishigaki (charsbar), Andreas Koenig and stigo;
* Participated in several meetings and presentations in the event, and a podcast on CPAN Testers;
* Discussed the future of CPAN Testers with Ruth Holloway (geekruthie), Ferenc Erki (FErki), Doug Bell (preaction) and others, providing the perspective of the CPAN clients;
* Closed several longstanding open issues in Clone with Atoomic;
* Wrote the (yet unreleased) CPAN::Reporter::Common module, a complete rewrite of the core functionality, to be plugged by CPAN::Reporter and App::cpanminus-reporter, with the input of Andreas Koenig;
* Wrote a CLI tool that allows sending reports from manual installs (without the aid of CPAN clients);
* Discussed the CPAN River algorithm with Thibault Duponchelle (tibtib), and worked together on improving it;
