Package: perl Version: 5.36.0-4 Severity: grave Justification: renders package unusable
It is no longer possible to install modules from CPAN because signatures can no longer be checked. There was no such issue with 5.34. This is a major regression; in particular, the locally installed modules need to be reinstalled after the upgrade. Example: Fetching with HTTP::Tiny: https://cpan.org/modules/03modlist.data.gz Reading '/home/vinc17/.cpan/sources/modules/03modlist.data.gz' DONE Writing /home/vinc17/.cpan/Metadata Running install for module 'ReadDir' Fetching with HTTP::Tiny: https://cpan.org/authors/id/S/SA/SAMV/ReadDir-0.03.tar.gz CPAN: Digest::SHA loaded ok (v6.02) Fetching with HTTP::Tiny: https://cpan.org/authors/id/S/SA/SAMV/CHECKSUMS CPAN: Module::Signature loaded ok (v0.88) gpg: Signature made 2021-11-21T22:42:22 CET gpg: using RSA key B6A1739063760CCA gpg: Can't check signature: No public key Signature for file /home/vinc17/.cpan/sources/authors/id/S/SA/SAMV/CHECKSUMS could not be verified for an unknown reason. Distribution id = S/SA/SAMV/ReadDir-0.03.tar.gz CPAN_USERID SAMV (Sam Vilain <s...@vilain.net>) CALLED_FOR ReadDir CHECKSUM_STATUS CONTAINSMODS ReadDir UPLOAD_DATE 2004-06-25 incommandcolor 1 localfile /home/vinc17/.cpan/sources/authors/id/S/SA/SAMV/ReadDir-0.03.tar.gz mandatory 1 negative_prefs_cache 0 prefs HASH(0x55c2dfe1e9f8) reqtype c Module::Signature verification returned value 0E0 The manual says for this case: Cannot verify the OpenPGP signature, maybe due to the lack of a network connection to the key server, or if neither gnupg nor Crypt::OpenPGP exists on the system. You probably want to analyse the situation and if you cannot fix it you will have to decide whether you want to stop this session or you want to turn off signature verification. The latter would be done with the command 'o conf init check_sigs' Signature for S/SA/SAMV/CHECKSUMS could not be verified for an unknown reason. Distribution id = S/SA/SAMV/ReadDir-0.03.tar.gz -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') merged-usr: no Architecture: amd64 (x86_64) Kernel: Linux 6.0.0-1-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages perl depends on: ii dpkg 1.21.9+b1 ii libperl5.36 5.36.0-4 ii perl-base 5.36.0-4 ii perl-modules-5.36 5.36.0-4 Versions of packages perl recommends: ii netbase 6.4 Versions of packages perl suggests: pn libtap-harness-archive-perl <none> ii libterm-readline-perl-perl 1.0303-2.1 ii make 4.3-4.1 ii perl-doc 5.36.0-4 -- no debconf information -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
