pkgsrc changes:
- switch from gnupg-1 (more or less depreciated) to Crypt::OpenPGP and a
bunch of used encoders and digest modules
- use Module::Install::Bundled module type
- remove patch - works fine with current infrastructure for now
Upstream changes:
[Changes for 0.66 - Fri, 6 Sep 2010 22:51:37 +0200]
* Fix incompatibility with EU::Manifest 1.54 to 1.57
(Paul Howarth) (Closes RT#61124).
[Changes for 0.65 - Fri, 3 Sep 2010 21:38:02 +0200]
* Skip MYMETA (Alexandr Ciornii)
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
Pkgsrc changes:
- placate pkglint
Upstream changes:
[Changes for 0.64 - Sun, 9 May 2010 00:50:11 +0200]
* Avoid creating gnupg configuration files for the user invoking Makefile.PL
(Closes RT#41978).
* Correctly detect the version of gnupg on cygwin and add tests for it
(Paul Fenwick) (Closes RT#39258).
Upstream changes:
[Changes for 0.63 - Sun, 28 Mar 2010 04:46:27 +0100]
* Fix diagnostic message from Makefile.PL when the user dosn't have gnupg or
Crypt::OpenPGP (miyagawa).
[Changes for 0.62 - Tue, 23 Mar 2010 22:17:39 +0100]
* Change the default keyserver from the outdated pgp.mit.edu to
pool.sks-keyservers.net.
[Changes for 0.61]
* Added "=encoding utf8" to POD to fix author name display.
No functional changes.
[Changes for 0.60]
* LICENSING CHANGE: This compilation and all individual files in it
are now under the nullary CC0 1.0 Universal terms:
To the extent possible under law, 唐鳳 has waived all copyright and
related or neighboring rights to Module-Signature.
* Updated Module::Install to 0.91, prompted by Florian Ragwitz.
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
[Changes for 0.55 - 2006-07-29]
* ANDK submitted a patch to fix versioning problem when
the user elects to install Crypt::OpenPGP.
* Major refactoring of the Makefile.PL to ease the installation process.
[Changes for 0.54 - 2006-05-12]
* Fixed a long-standing bug where differing end-of-line conventions
could cause bogus comparisons in signature checks.
* Fixed another long-standing bug where CRLF text files were hashed
into different digests under Unix and Dosish platforms. Now it's
consistently hashed as if it's been normalized to LF.
* Optional dependencies are no longer installed-by-default.
[Changes for 0.53 - 2006-01-31]
* The explicit call to "readline(D)" didn't compile on earlier perls which
demanded either "readline(*D)" or "<D>" -- I elected the latter form.
Reported by: Matthew Persic
* Update my author key to reflect revoked past uids.
[Changes for 0.52 - 2006-01-19]
* POD and source code cleanup; no functional changes.
* Updated my author key to reflect my new name and identity.
* Upgrade to the latest Module::Install to fix Cygwin
installation problems.
Reported by: Lyle Ziegelmiller
[Changes for 0.51 - 2006-01-02]
* Even more flexible CRLF handling for SIGNATURE files,
Contributed by: Andreas Koenig.
[Changes for 0.50 - 2005-08-21]
* Add support for to SHA-256, requested by Mark Shelor in light
of the recent SHA1 attacks. SHA1 is still the default, but
you can now override this by settings MODULE_SIGNATURE_CIPHER
environment variable to SHA256.
[Changes for 0.45 - 2005-08-09]
* Andreas Koenig ported out that "Import GPG keys?" was asked
far too many times during autoinstall.
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
* Add "pmfiles.dat" to legacy manifest_skip routine to accomodate
early Win32 hacks. Reported by Steve Hay via Michael Schwern.
[Changes for 0.43 - 2004-12-16]
* Updated t/0-signature.t to be more friendly with Test::More;
contributed by Michael Schwern.
* Add $Timeout (default 3 seconds) to control the timeout for
probing connections to the key server.
* Take account of the .ts files produced by newer MakeMakers
in the suggested MANIFEST.SKIP list.
[Changes for 0.42 - 2004-11-20]
* Move under SVK version control management; ditch keyword tags.
* Michael Schwern pointed out that during development, the
"signature.t" file would keep failing.
* Documented how to generate SIGNATURE files as part of "make dist",
for Module::Install, ExtUtils::MakeMaker and Module::Build users .
module directory has changed (eg. "darwin-2level" vs.
"darwin-thread-multi-2level").
binary packages of perl modules need to be distinguishable between
being built against threaded perl and unthreaded perl, so bump the
PKGREVISION of all perl module packages and introduce
BUILDLINK_RECOMMENDED for perl as perl>=5.8.5nb5 so the correct
dependencies are registered and the binary packages are distinct.
addresses PR pkg/28619 from H. Todd Fujinaka.
Collection.
The Perl 5 module Module::Signature adds cryptographic authentications
to CPAN distributions, via the special SIGNATURE file.
If you are a module user, all you have to do is to remember running
cpansign -v (or just cpansign) before issuing perl Makefile.PL or
perl Build.PL; that will ensure the distribution has not been
tampered with. For module authors, you'd want to add the SIGNATURE
file to your MANIFEST, then type cpansign -s before making a
distribution. You may also want to consider adding a signature
check as part of your test suite.