layout | toc | meeting_time | title |
---|---|---|---|
page | true | June 5th, 2024 16:00 UTC | Minutes 2024-06-05 |
2024-06-05 16:00 UTC @ TPRF Slack #cpan-security channel
- @sjn
- @stigtsp
- @timlegge
- @petek
- timlegge and stigtsp met to discuss the CNA and some CPANminus things
- stigtsp and garu had CPANMinus discussions with the Docker folks for Perl to try to move to secure by default
- No update on the secure by default release of cpanm
- Can we ask cpan.org to force redirect to https?
- sjn mentioned OpenSSF and recommended that we join a couple of their groups
- working group for securing software repos
- Supply chain Security
- waiting on their reply.
- I expect that they will want to validate some items.
- looking at [email protected] as a request
- No update on the TLS/HTTPS in core and Leon was unable to attend.
- Should apply and see what happens
- Minimum is 150K
- Try to apply for money for SSL/TLS in core funding
- Discussion of a vetted cpan module download site with attestation
- Create a list of modules/dists that need to/must be fixed for CPAN to be "Secure by Default"