Authors -- Trusted Signature help available


  1. #1

    Authors -- Trusted Signature help available

    ==========================================================================
    There are a lot of modules in CPAN that don't have SIGNATURE files, and if
    they do, a lot of them don't have Trusted signatures, if even good ones.
    I'm available to help authors with correcting this issue. Well not
    completely correcting, but just improving things a little bit, one CPAN
    author at a time.
    ==========================================================================

    I've started a project with what I've called the Bundle::Modules suite, in
    which I'm going to separate the stable modules from the unstable modules in
    all of CPAN, but at the same time I'm offering to help, and also asking for
    help to identify the crappy unstable modules in CPAN to get them out of the
    way of all of us getting to the good stable stuff ASAP, when trying to
    download a bundle of modules. I've got all 38,554 of CPAN modules that are
    currently listed.

    Feel free to contact me with the good or the bad that you find out there,
    because I'll use all the information that I can get from others. Hey, it's
    better than all of those spam emails about my winning the Nigerian Lottery.

    If you browse the source for Bundle::Modules, I think that you'll be glad that
    you stopped by to see the Module::Build oriented scripts I have in
    development. I stole from the best examples that I could find in CPAN, and
    synthesized my own to reach my goal.

    Another thing that I'll openly request is that you send me your armored
    public keys as file attachments, and I'll incorporate them to help the user
    load all of the author keys into their key rings. I'm currently also
    working on a program to collect all of the keys automatically for us, and
    import them, so that you are playing in the Trusted SIGNATURE game.

    Eric R. Meyers Guest

  3. #2

    Are CPAN and PAUSE trusted?

    [A complimentary Cc of this posting was sent to
    Eric R. Meyers
    <ermeyers@adelphia.net>], who wrote in article <FYSdneLXENKDEfjZRVn-uA@adelphia.com>:
    > ==========================================================================
    > There are a lot of modules in CPAN that don't have SIGNATURE files, and if
    > they do, a lot of them don't have Trusted signatures, if even good ones.
    > I'm available to help authors with correcting this issue. Well not
    > completely correcting, but just improving things a little bit, one CPAN
    > author at a time.
    First, get CPAN and PAUSE authenticated through a "trusted" root.

    Second, allow a way for CPAN authors to authenticate THROUGH the CPAN
    certificate. (I.e., make PAUSE to issue certificates to all the authors.)

    IM[uneducated]O, only after these steps a cooperation of authors may be sought.

    Hope this helps,
    Ilya
    Ilya Zakharevich Guest

  4. #3

    Re: Are CPAN and PAUSE trusted?

    Ilya Zakharevich wrote:
    > [A complimentary Cc of this posting was sent to
    > Eric R. Meyers
    > <ermeyers@adelphia.net>], who wrote in article
    > <FYSdneLXENKDEfjZRVn-uA@adelphia.com>:
    >> ==========================================================================
    >> There are a lot of modules in CPAN that don't have SIGNATURE files, and
    >> if they do, a lot of them don't have Trusted signatures, if even good
    >> ones.
    >> I'm available to help authors with correcting this issue. Well not
    >> completely correcting, but just improving things a little bit, one CPAN
    >> author at a time.
    >
    > First, get CPAN and PAUSE authenticated through a "trusted" root.
    >
    > Second, allow a way for CPAN authors to authenticate THROUGH the CPAN
    > certificate. (I.e., make PAUSE to issue certificates to all the authors.)
    >
    > IM[uneducated]O, only after these steps a cooperation of authors may be
    > sought.
    >
    > Hope this helps,
    > Ilya
    'gpg --list-keys [name]' is also an extremely useful command that I forgot
    to mention.
    Eric R. Meyers Guest

  5. #4

    Re: Are CPAN and PAUSE trusted?

    Ilya Zakharevich wrote:
    > [A complimentary Cc of this posting was sent to
    > Eric R. Meyers
    > <ermeyers@adelphia.net>], who wrote in article
    > <FYSdneLXENKDEfjZRVn-uA@adelphia.com>:
    >> ==========================================================================
    >> There are a lot of modules in CPAN that don't have SIGNATURE files, and
    >> if they do, a lot of them don't have Trusted signatures, if even good
    >> ones.
    >> I'm available to help authors with correcting this issue. Well not
    >> completely correcting, but just improving things a little bit, one CPAN
    >> author at a time.
    >
    > First, get CPAN and PAUSE authenticated through a "trusted" root.
    >
    > Second, allow a way for CPAN authors to authenticate THROUGH the CPAN
    > certificate. (I.e., make PAUSE to issue certificates to all the authors.)
    >
    > IM[uneducated]O, only after these steps a cooperation of authors may be
    > sought.
    >
    > Hope this helps,
    > Ilya
    This is off the top of my head, so someone please check if I did this right.

    I'm just recently educated, so I know what you're facing. I found that the
    biggest problem is probably that a person generated their own keys using

    gpg --gen-key

    gpg --keyserver hkp://subkeys.pgp.net --send-keys [name]

    gpg --armor --export [name] | tee YOURAUTHORID2006.pub

    as their normal user self (as username) which will have ultimate trust set
    in their keyring for their key. But you usually need to be root when
    installing CPAN modules via cpan or cpanplus, so that you have the write
    permissions for /usr/lib/perl5. And, likewise you need to be root to do the
    'make install' for your distribution development.

    You need to load your root's /root/.gnupg/ keyring databases with your
    public key, and then set the trust value to 'ultimate' trust, of course:

    as root:

    gpg --import ~username/YOURAUTHORID2006.pub

    gpg --edit-key [name]
    Command> trust
    Command> q

    now your root trusts you too, but root will now eventually also make a
    SIGNATURE via 'cpansign -s' for your CPAN distribution.

    in both ~username/.gnupg/gpg.conf and /root/.gnupg/gpg.conf find and do:

    # If you have more than 1 secret key in your keyring, you may want to
    # uncomment the following option and set your preferred keyid.

    #default-key 621CC013
    default-key 83CE80A3 <-- this is my public key id, use your own public keyid

    # If you do not pass a recipient to gpg, it will ask for one. Using
    # this option you can encrypt to a default key. Key validation will
    # not be done in this case. The second form uses the default key as
    # default recipient.

    #default-recipient some-user-id
    default-recipient-self

    Let me know, if you have questions.

    Here's the ERMEYERS2005.pub, save it to file and 'gpg --import
    ERMEYERS2005.pub'; and don't worry, you don't have to trust me, unless you
    'gpg --edit-key ermeyers', Command> trust, Command> q.

    http://search.cpan.org/src/ERMEYERS/Bundle-Modules-2006.0512/public_keys/ERMEYERS2005.pub

    Here's the PAUSE2003.pub, save it to file and 'gpg --import PAUSE2003.pub'.

    http://search.cpan.org/src/ERMEYERS/Bundle-Modules-2006.0512/public_keys/PAUSE2003.pub

    Eric R. Meyers Guest
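
Added example, not part of any post in this thread: the thread distinguishes a "good" signature from a "Trusted" one, and this shell function makes that distinction explicit by classifying the output of `gpg --status-fd 1 --verify SIGNATURE` and pinning the signer's fingerprint to one obtained out of band. The fingerprint, user ID and status lines below are constructed samples; the function name `classify_sig` is hypothetical.

```shell
#!/bin/sh
# Usage: gpg --status-fd 1 --verify SIGNATURE 2>/dev/null | classify_sig EXPECTED_FPR
# Exit status: 0 = good and trusted, 1 = good but key not trusted, 2 = reject.
classify_sig() {
    expected=$1; good=0; fpr=""; trust=""; bad=""
    while read -r tag key a1 rest; do
        [ "$tag" = "[GNUPG:]" ] || continue      # only machine-readable lines
        case $key in
            GOODSIG)  good=1 ;;                   # signature math checks out
            VALIDSIG) fpr=$a1 ;;                  # full fingerprint of the signing key
            BADSIG|ERRSIG|NO_PUBKEY|EXPSIG|EXPKEYSIG|REVKEYSIG) bad=$key ;;
            TRUST_*)  trust=${key#TRUST_} ;;      # validity of the key in this keyring
        esac
    done
    if [ -n "$bad" ] || [ "$good" -ne 1 ]; then
        echo "REJECT:${bad:-NO_GOODSIG}"; return 2
    fi
    if [ "$fpr" != "$expected" ]; then            # signed, but not by the expected key
        echo "REJECT:FINGERPRINT_MISMATCH"; return 2
    fi
    case $trust in
        FULLY|ULTIMATE) echo "TRUSTED"; return 0 ;;
        *) echo "GOOD_BUT_UNTRUSTED:${trust:-UNKNOWN}"; return 1 ;;
    esac
}

# Constructed sample data (not a real key or a real gpg run).
FPR=0123456789ABCDEF0123456789ABCDEF01234567
SIG_LINES="[GNUPG:] GOODSIG 89ABCDEF01234567 Example Author <author@example.org>
[GNUPG:] VALIDSIG $FPR 2006-05-12 1147392000 0 4 0 17 2 00 $FPR"
SAMPLE_UNTRUSTED="$SIG_LINES
[GNUPG:] TRUST_UNDEFINED 0 pgp"
SAMPLE_TRUSTED="$SIG_LINES
[GNUPG:] TRUST_FULLY 0 pgp"
SAMPLE_BAD="[GNUPG:] BADSIG 89ABCDEF01234567 Example Author <author@example.org>"

for s in "$SAMPLE_UNTRUSTED" "$SAMPLE_TRUSTED" "$SAMPLE_BAD"; do
    printf '%s\n' "$s" | classify_sig "$FPR" || true
done
```

The same keyring state decides the result for whichever account runs the check, so root and the normal user can classify the same SIGNATURE file differently.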
