This week in PSC (231) | 2026-06-29

Once again we were all present.

  • A new blocker appeared. It is only just impactful enough to register, but unfortunately not negligible enough to ignore. We will attempt a resolution before we consider other options.
  • There has been some more activity in the LLM policy discussion, where we didn’t get around to posting our thoughts last week. We will rectify that.

[P5P posting of this summary]

ANNOUNCE: Perl.Wiki V 1.48, Mojo.Wiki V 1.19 etc

I have uploaded to CPAN:
o CPAN::MetaCurator V 1.23
o CPAN::MetaPackager V 1.03

And I have uploaded to my Wiki Haven:
o Perl.Wiki V 1.48
o cpan.metacurator.tree.html V 1.23
o Mojo.Wiki V 1.19

Introducing Time::Str

PTS 2026

A quick summary of what I got up to at PTS 2026 in Vienna.

Test::Smoke's long-term future. I had several useful discussions with H. Merijn Brand (Tux) and Todd Rinaldo (toddr) about keeping Test::Smoke maintainable for the long term. This tied directly into the MetaCPAN hosting migration below: DigitalOcean offers managed Postgres, Hetzner doesn't, and Test::Smoke's existing database usage wasn't especially efficient. The outcome was toddr starting a rewrite that runs as a single container backed by SQLite and local files -- much more portable and easier to operate.

Migrating MetaCPAN from DigitalOcean to Hetzner. I spent a big chunk of the summit pairing with Shawn Sorichetti (hide) on the migration, including reorganising our Kubernetes setup so it deals more cleanly with multiple environments. Shawn was making a large number of changes; I focused on reviewing them quickly so we could iterate fast.

This week in PSC (230) | 2026-06-22

All three of us attended.

  • We accepted a number of last-minute patches provided by Karl to improve our z/OS support stance, since they are strictly limited to that system and largely touch things that were broken there anyway.
  • The worrying situation on CPAN Testers for the latest HTTP::Tiny situation cleared up; it was only caused by smokers-only tests against a live system that was intermittently unresponsive. Consequently we have now synchronized with CPAN, which means every one of the late-in-cycle release blockers we had is now addressed.
  • Leon had already begun work on RC1 even before that.
  • We touched base on LLM policy based on the feedback we have had on the thread so far. We have been chewing on some thoughts about that which are in draft state; we agreed that we should actually send them out soon.
  • We discussed one of the two new PPC PRs, about viral value magic, which Leon and Aristotle realized is more similar to tainting and its limitations than previously understood. No verdict was reached; we will continue this discussion.

[P5P posting of this summary]

Signing CPAN Releases with SigStore

Signing CPAN Releases with SigStore

At the most recent Perl Tool Chain Summit (PTS) in Vienna we decided to deprecate Module::Signature. Module::Signature has been around for a long time but it has become increasingly clear that it does not provide the security assurances that it was designed to deliver.

Dist::Zilla::Plugin::SigStore::SignRelease is a new plugin that signs your CPAN release with SigStore before uploading. SigStore uses short-lived, OIDC-issued certificates. You authenticate with Google, GitHub, or Microsoft, and cosign produces a signature bundle. No long-lived keys, no keyserver dance.

How it works

The plugin extends the Dist::Zilla plugin UploadToCPAN. During the dzil release, it:

  1. Calls cosign sign-blob on your release archive, producing a .sigstore.json bundle file.
  2. Pulls the certificate out of the bundle and verifies the signature locally before anything leaves your machine.
  3. Uploads both the tarball and the bundle to PAUSE.

GTC 2.1 go pro

Hai again, after a very productive three weeks I can announce the next major release of Graphics::Toolkit::Color (despite the rather small version number jump). In this post I explain what changed(+12 spaces, +1 method, +7 method args), why it is relevant and how I used LLMs to achieve that.

Ideas for the CPAN Meta v3 Specification

At the 2026 Perl Toolchain Summit Salve Nilsen and I proposed some ideas that we have been discussing on and off for the past several months for CPANSec, for a CPAN Meta v3 Specification.

Why does the specification need to be extended?

Version 2 of the CPAN Meta Spec (CPAN distributio n metadata specification) is does not allow the addition of new data, except using fields prefixed by "x_".

However, there is a need to include additional metadata about:

  • external dependencies (services, libraries, files, or environment variable)
  • embedded external libraries, e.g. zlib or bootstrap.
  • licensing
  • vulnerability reporting
  • parent-child relationships (e.g. forked project)
  • fixed vulnerabilities in this fork or in embedded libraries
  • code and documentation generated through automation or using LLMs
  • how and where to report security vulnerabilities
  • project funding and sponsorship
  • how the project is supported by the maintainers
  • enumeration of community health documents, e.g. SECURITY.md, GOVERNANCE.md and AI_POLICY.md

This week in PSC (229) | 2026-06-16

This week we had to reschedule to Tuesday in order to attend in full strength.

  • Release blocker triage continues and fortunately has not turned up anything new, but unfortunately has not delivered full resolution of already-known issues either: CPAN Testers says that HTTP::Tiny 0.096 is not a shoe-in, as we had hoped. We will have to evaluate the reports more closely.
  • We nevertheless intend to begin work on RC0, since it mostly consists of writing the perldelta.
  • None of us had time to spend on the LLM policy discussion this week.
  • We discussed the two new PPC PRs in very general terms but need to return to them in more depth next week.

[P5P posting of this summary]

ANNOUNCE: Perl.Wiki V 1.45 etc

All downloads mentioned here are available from my
Wiki Haven:

a. Perl.Wiki V 1.45
b. cpan.metacurator.tree.html V 1.17
c. Mojo.Wiki V 1.18
d. PHP.Wiki V 1.02

CPAN::MetaCurator V 1.17 has already been released to MetaCPAN, although I can't see it yet.

Welcome to the Perl Toolchain Summit 2026!

This post is adapted from my notes and recollection of the welcome speech I gave on the morning of Thursday April 23, 2026, just before the initial stand-up.

Geizhals Preisvergleich logo

This post is brought to you by Geizhals Preisvergleich, a Gold sponsor for the Perl Toolchain Summit 2026.

You can learn more about Geizhals at the end of this article.

Reading CPAN Testers Reports Using AI Agents

CPAN Testers produce a lot of data. Every CPAN distribution gets tested by our volunteers almost immediately after upload. These testers run every version of Perl across every platform you can imagine, and some you never knew existed. Instead of each project maintaining its own testing environments, the community maintains these systems so the project developers can focus on developing their project. There are more than 150 million test reports so far, and that number currently grows by about one million every month.

Sorting through all of those test reports is a big job. The community helps: Slaven Rezić, Andreas König, and others regularly submit tickets to a project's bug tracker for problems revealed by the testing systems they maintain. And individual maintainers can visit one of the UIs to view the data like the CPAN Testers Matrix (by Slaven) or CPAN Testers Magpie (by Scott Baker). But this, too, is a lot of manual effort.

This week in PSC (228) | 2026-06-08

We were all present.

  • 5.43.11 has so far turned up a few problems, thankfully small. As a result there are new versions of Archive::Tar and HTTP::Tiny to sync, which we intend to merge.
  • We decided how to proceed with our schedule: we will wait another week for any other findings in 5.43.11, and if nothing else shows up then we intend to start working on 5.44.0-RC0 at that point.
  • We discussed briefly the trajectory of the core team’s LLM policy conversation. For now we continue keeping an eye on the thread.
  • We noted PRs to add two new documents to the PPCs repository but didn’t have time to discuss them in this meeting. We intend to do so in the next one.

[P5P posting of this summary]

The Perl Documentation - Rewritten

Well, not all of it ... yet. But some of it has been rewritten many times in many languages and "all" of it will be rewritten in many more languages. Of course "all" will never be reached, so it will be an ongoing endeavor, but at least you know the goalposts.

You can read it at https://perl.petamem.com/docs/eng/, and the language picker in the upper right hand corner will tell you, more honestly than any sentence in this post can, where the public-facing part of the work currently stands.

Who tests the tester? Me !!!

As already reported, I'm writing this color library. Recently I created my own test function for it. And since it was easier that I thought, I want to show you how, so you can write your own!

PPC Summer 2026 - Call for Participation!

You may see the announcement at https://www.papercall.io/perlcommunityconferencesummer26, but talk submissions must go through https://forms.gle/PGGHXoYGeEhSapKy5 because papercall.io is very broken.

Please share this post, the powers that be rage against us; you will not see any post regarding our activities in Perl Weekly!

Update: We got in Perl Weekly this week, but not for the right reasons. I hope in the future this will not be repeated or necessary. Thanks to the Perl Weekly editor who included this announcement. Special acknowledgement to David Cross for heading up the negotiations.

If you wish to comment about this post, please do so at r/perlcommunity.

highres_533738236.jpg

Perl Community / Science Perl Committee Impact in 2025

Talks Delivered at Winter 2025 Perl Community Conference in Austin, TX

Video editing in progress, will be released after the 2026 Summer PPC.

Each PPC has its own playlist on our YT channel!

Talks Delivered at Summer 2025 Perl Community Conference in Austin, TX

This week in PSC (227) | 2026-06-01

This week we were back to full strength. We have now dealt with all of the belated issues and all of the blockers. Paul will be shipping 5.43.11 very shortly. With the amount of changes we have had to merge, we will not be able to rush the .11 cycle, but we intend to start the work on the 5.44 RC early, to ensure that we can release with as little additional delay as possible.

[P5P posting of this summary]

ANNOUNCE: Perl.Wiki V 1.47, JSTree copy V 1.21

Both are available from my Wiki Haven.

Next step will be the validation module for CPAN::MetaCurator, using the new:
use feature 'class'
code.

After that, back to the re-write of all *.pm in CPAN::MetaCurator.

Importance of Repositories in Public

It used to be so that a repository was only a place of work and the distribution was the actual result of that work. Only the contents of the distribution mattered. People would read the files README and INSTALL from the distribution after having downloaded it.

Not so anymore. Today the repository is out in the open in GitHub, GitLab, Codeberg or other shared hosting site. On the other hand, the documentation in the distribution is often discarded as distribution packages are rarely downloaded manually but rather via a package manager which installs them automatically.

Publicly viewable repository has in fact become much more than just a place of work. It is also an advertisement for the project and of the community behind it, if there is more than one author or contributor.

AI as a Chance - Opinion

Use AI. Use it more and better. If you are not yet equipped to use it well - that is fine, learning takes time - but please do not inhibit those in the community who are.

That is the whole argument. The rest of this piece is why I think it is correct, and why I think the current register of the Perl community around this topic is costing us something specific and avoidable.

About blogs.perl.org

blogs.perl.org is a common blogging platform for the Perl community. Written in Perl with a graphic design donated by Six Apart, Ltd.