Opened 4 years ago
Closed 4 years ago
#14584 closed enhancement (fixed)
URI-5.07 (Perl Module)
Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | high | Milestone: | 10.1 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New minor version
Change History (5)
comment:1 by , 4 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
follow-up: 3 comment:2 by , 4 years ago
follow-up: 4 comment:3 by , 4 years ago
Replying to ken@…:
According to the Changes shown at metacpan, fixes for the domain hackers:
5.07 2021-01-29 22:52:20Z - s/perl.com/example.com/ in examples and tests (GH#81) (Olaf Alders)
Should we consider promoting this ticket to High because of that?
comment:4 by , 4 years ago
Priority: | normal → high |
---|
Replying to renodr:
Replying to ken@…:
According to the Changes shown at metacpan, fixes for the domain hackers:
5.07 2021-01-29 22:52:20Z - s/perl.com/example.com/ in examples and tests (GH#81) (Olaf Alders)Should we consider promoting this ticket to High because of that?
When I said hackers, I meant in the sense of stealing the domain. The report I saw last week said that it was apparently available, like a squatter taking it and offering it for sale. Didn't seem more than an annoyance. But I can't remember where I saw that. Probably a link from lwn to perl stuff and from there to a link to Brian Foy's blog, see https://portswigger.net/daily-swig/domain-for-popular-programming-website-perl-com-stolen-in-hack for a report of that. Google also found https://www.bleepingcomputer.com/news/security/perlcom-domain-stolen-now-using-ip-address-tied-to-malware/ with more details, so yes there are security issues:
For this ticket, I guess high.
More importantly, for anyone using CPAN (ISTR that includes you and Bruce), from that second link:
Until the domain hijacking is resolved, perl.org is recommending that users do not use perl.com as a CPAN mirror and to update it using the following command:
# perl -MCPAN -eshell cpan shell -- CPAN exploration and modules installation (v2.20) Enter 'h' for help. cpan[1]> o conf urllist http://www.cpan.org/ Please use 'o conf commit' to make the config permanent! cpan[2]> o conf commit commit: wrote '/root/.cpan/CPAN/MyConfig.pm'
According to the Changes shown at metacpan, fixes for the domain hackers: