[Changes for 0.82 - Sun Aug 26 23:00:04 CST 2018]
* Fix CRLF handling on Win32. (@niklasholm)
* Default to SHA256 on new hashes as SHA1 is deprecated. (@niklasholm)
Upstream changes:
[Changes for 0.79 - Mon May 18 23:02:11 CST 2015]
* Restore "cpansign --skip" functionality.
Contributed by: CLOOS
[Changes for 0.78 - Thu Apr 9 16:58:27 CST 2015]
* Fix verify() use from cpanm and CPAN.pm.
Contributed by: ANDK
[Changes for 0.77 - Wed Apr 8 19:36:50 CST 2015]
* Include the latest public keys of PAUSE, ANDK and AUDREYT.
* Clarify scripts/cpansign copyright to CC0.
Reported by: @pghmcfc
[Changes for 0.76 - Wed Apr 8 18:05:48 CST 2015]
* Fix signature tests by defaulting to verify(skip=>1)
when $ENV{TEST_SIGNATURE} is true.
Reported by: @pghmcfc
[Changes for 0.75 - Tue Apr 7 04:56:09 CST 2015]
Two more issues reported by John Lightsey:
* Update ChangeLog.
* More protection of @INC from relative paths.
Fix various issues reported by John Lightsey:
[Changes for 0.74 - Tue Apr 7 02:39:14 CST 2015]
Fix various issues reported by John Lightsey:
* Fix GPG signature parsing logic.
* MANIFEST.SKIP is no longer consulted unless --skip is given.
* Properly use open() modes to avoid injection attacks.
[Changes for 0.55 - 2006-07-29]
* ANDK submitted a patch to fix versioning problem when
the user elects to install Crypt::OpenPGP.
* Major refactoring of the Makefile.PL to ease the installation process.
[Changes for 0.54 - 2006-05-12]
* Fixed a long-standing bug where differing end-of-line conventions
could cause bogus comparisons in signature checks.
* Fixed another long-standing bug where CRLF text files were hashed
into different digests under Unix and Dosish platforms. Now it's
consistently hashed as if it's been normalized to LF.
* Optional dependencies are no longer installed-by-default.
[Changes for 0.53 - 2006-01-31]
* The explicit call to "readline(D)" didn't compile on earlier perls which
demanded either "readline(*D)" or "<D>" -- I elected the latter form.
Reported by: Matthew Persic
* Update my author key to reflect revoked past uids.
[Changes for 0.52 - 2006-01-19]
* POD and source code cleanup; no functional changes.
* Updated my author key to reflect my new name and identity.
* Upgrade to the latest Module::Install to fix Cygwin
installation problems.
Reported by: Lyle Ziegelmiller
[Changes for 0.51 - 2006-01-02]
* Even more flexible CRLF handling for SIGNATURE files,
Contributed by: Andreas Koenig.
[Changes for 0.50 - 2005-08-21]
* Add support for to SHA-256, requested by Mark Shelor in light
of the recent SHA1 attacks. SHA1 is still the default, but
you can now override this by settings MODULE_SIGNATURE_CIPHER
environment variable to SHA256.
[Changes for 0.45 - 2005-08-09]
* Andreas Koenig ported out that "Import GPG keys?" was asked
far too many times during autoinstall.
Collection.
The Perl 5 module Module::Signature adds cryptographic authentications
to CPAN distributions, via the special SIGNATURE file.
If you are a module user, all you have to do is to remember running
cpansign -v (or just cpansign) before issuing perl Makefile.PL or
perl Build.PL; that will ensure the distribution has not been
tampered with. For module authors, you'd want to add the SIGNATURE
file to your MANIFEST, then type cpansign -s before making a
distribution. You may also want to consider adding a signature
check as part of your test suite.
