Perl 6 - the future is here, just unevenly distributed

IRC log for #metacpan, 2017-09-25

| Channels | #metacpan index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
05:14 cjm joined #metacpan
05:44 toddr joined #metacpan
06:00 nakiro joined #metacpan
07:23 karjala_ joined #metacpan
08:02 edward joined #metacpan
08:05 Relequestual joined #metacpan
08:49 neilb joined #metacpan
13:07 DrHyde joined #metacpan
13:08 DrHyde FYI cpandeps is now fetching 02packages once a day from metacpan instead of using the cpan.org mirror redirector thingy, because cpan.org is insisting on using some SSL neologism that my openssl doesn't support
13:08 DrHyde pleeeeeease don't hide it being pointless encryption!
13:08 DrHyde s/being/behind/
13:12 haarg DrHyde: are you fetching from metacpan via http or https?
13:12 haarg and if http, does it work with https?
13:20 haarg i can see issues connecting to www.cpan.org using openssl from my mac, but cpan.metacpan.org works
13:21 haarg both are using fastly, using shared certs
13:21 haarg not certain what is different with cpan.org
13:21 DrHyde cpan.org redirects http to https, and then uses some bizarro new version of openssl that doesn't work with the openssl i've got on the cpandeps server
13:22 DrHyde http to metacpan "just works"
13:22 haarg but does https to metacpan work?
13:24 DrHyde yes, provided i tell it to ignore the certificate not matching the hostname
13:24 DrHyde wget --no-check-certificate FTW!
13:25 haarg ouch
13:25 haarg old enough to not support sni?
13:25 haarg or actually that wouldn't even be sni
13:26 haarg the hostname should match via subjectAltName
13:29 haarg looks like the issue is that www.cpan.org only supports tls 1.2
13:47 Relequestual joined #metacpan
17:34 neilb joined #metacpan
17:39 neilb_ joined #metacpan
18:34 gordonfish joined #metacpan
18:36 ranguard haarg: DrHyde you need something that support TLS 1.2
18:36 ranguard it's only ~10 years old!
18:37 ranguard PCI compliance (and just good security) is going to require many many sites to switch to TLS 1.2 for HTTPS soon
18:38 haarg ranguard: unfortunately various operating systems constrain that
18:38 ranguard haarg: fastly are rolling out TLS 1.2 only across different sites
18:38 haarg like, for example, openssl on macos
18:38 haarg openssl being the only tls binding we have in perl land
18:39 ranguard haarg: not possible to use newer version of openssl?
18:39 ranguard oh, you mean macos vs osx?
18:39 haarg macos is the new name for osx
18:40 ranguard and it's not possible to get newer openssl?
18:40 haarg if you compile your own perl
18:40 haarg system perl on mac os 10.13.x will continue to use openssl 0.9.8something
18:40 haarg which doesn't support tls 1.2
18:41 ranguard well that's crap
18:41 haarg yep
18:41 ranguard software-- os's-- people-- (just for completeness)
18:42 ranguard DrHyde: we'll keep non-https cpan.mc.org around for a while then I guess
18:43 haarg trying to force https everywhere makes more sense for browser accessible things
18:44 * ranguard nods - though really should use it for software downloading to stop man-in-the-middle
18:45 haarg i would love an https only world, but bootstrapping that involves some complications
18:46 haarg we should definitely be honoring Upgrade-Insecure-Requests everywhere though, which i don't believe we are
18:46 ranguard one for the hackathon list
18:48 haarg https://github.com/metacpan/metacpan-puppet/issues/134
18:51 ranguard thanks
19:04 Grinnz when did cpan.org start redirecting to https?
19:08 haarg a couple weeks maybe?
19:09 haarg there was a blog post or something but i don't have the link
19:18 ranguard Grinnz: http://log.perl.org/2017/08/tls-only-for-wwwcpanorg.html
19:18 ranguard and https://www.nntp.perl.org/group/perl.cpan.workers/2017/09/msg1538.html

| Channels | #metacpan index | Today | | Search | Google Search | Plain-Text | summary