Opened 6 months ago

Closed 6 months ago

#14584 closed enhancement (fixed)

URI-5.07 (Perl Module)

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version

Change History (5)

comment:1 by Douglas R. Reno, 6 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by ken@…, 6 months ago

According to the Changes shown at metacpan, fixes for the domain hackers:

5.07      2021-01-29 22:52:20Z
    - s/perl.com/example.com/ in examples and tests (GH#81) (Olaf Alders)

in reply to:  2 ; comment:3 by Douglas R. Reno, 6 months ago

Replying to ken@…:

According to the Changes shown at metacpan, fixes for the domain hackers:

5.07      2021-01-29 22:52:20Z
    - s/perl.com/example.com/ in examples and tests (GH#81) (Olaf Alders)

Should we consider promoting this ticket to High because of that?

in reply to:  3 comment:4 by ken@…, 6 months ago

Priority: normalhigh

Replying to renodr:

Replying to ken@…:

According to the Changes shown at metacpan, fixes for the domain hackers:

5.07      2021-01-29 22:52:20Z
    - s/perl.com/example.com/ in examples and tests (GH#81) (Olaf Alders)

Should we consider promoting this ticket to High because of that?

When I said hackers, I meant in the sense of stealing the domain. The report I saw last week said that it was apparently available, like a squatter taking it and offering it for sale. Didn't seem more than an annoyance. But I can't remember where I saw that. Probably a link from lwn to perl stuff and from there to a link to Brian Foy's blog, see https://portswigger.net/daily-swig/domain-for-popular-programming-website-perl-com-stolen-in-hack for a report of that. Google also found https://www.bleepingcomputer.com/news/security/perlcom-domain-stolen-now-using-ip-address-tied-to-malware/ with more details, so yes there are security issues:

For this ticket, I guess high.

More importantly, for anyone using CPAN (ISTR that includes you and Bruce), from that second link:

Until the domain hijacking is resolved, perl.org is recommending that users do not use perl.com as a CPAN mirror and to update it using the following command:

# perl -MCPAN -eshell
cpan shell -- CPAN exploration and modules installation (v2.20)
Enter 'h' for help.

cpan[1]> o conf urllist http://www.cpan.org/
Please use 'o conf commit' to make the config permanent!
cpan[2]> o conf commit
commit: wrote '/root/.cpan/CPAN/MyConfig.pm'

comment:5 by Douglas R. Reno, 6 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r24159

Note: See TracTickets for help on using tickets.