Overview of current maintainer fails

schmorp recently complained about a maintainer fail in Math::BigFloat, and since this is not an isolated incident of the last years, I try to give a summary of all the maintainer fails of important modules lately, as I happen to fix them privately.

Problems in core ext/ and dist/ modules, maintained by p5p:

These are all doomed modules, as p5p refuses to take bug and security reports, and most of them are not maintained and fixed and improved in cperl only.

Math::BigFloat

Maintained by p5p, responsible: pjacklam

regression in blsflt (left shift) and refusal to fix it, lack of understanding of float math.

fixed in cperl only. in cperl we also heavily modernized all the bigint/bignum/bigrat/Big::* modules to use typed signatures.

there were several podcheck fails, which were promptly fixed. so they do react fast, their only problem is the lack of understanding.

Storable

maintained by p5p, responsible: nobody

missing features, grave security problems with bless and tie, other security problems on 64bit with overlarge hashes and names. fixed in cperl only.

tonyc recently replied to a similar but limited bugreport with a partial fix, which doesn't really help.

Net::Ping

unmaintained by p5p, responsible: nobody, previously smpeters

p5p took it over from him, while smpeters refactored the test suite for a while. many bug reports and patches still sitting in the cpan queue, no idea about the p5p queue, because they blocked me there.

development stalled, so I added most needed features and fixes. fixed in cperl, and on https://github.com/rurban/Net-Ping

ExtUtils::Constant

unmaintained by nwclark, responsible: nobody

Development and maintenance stalled, many fixes unanswered. I had to publish all fixes to cpan as UNAUTHORIZED RELEASE.

Fixed in cperl.

Opcode

unmaintained by rgs

Development and maintenance stalled, many improvements ignored. had to publish my own version Opcodes. Maintainer only wants Opcode as parent module for Safe, but not to specify Opcode properties. This is hardly an acceptable point of view.

POSIX

maintained by p5p

Basically this module is only plagued by old sins, exporting all symbols at once and not by request. But the maintainers obviously don't know about this and accepted a bugreport that a new symbol is not automatically exported. This is a feature, not a bug.

The unsafe tmpnam is still exported, but at least deprecated. The new tmpnam replacements tmpfile, mkstemp, mkdtemp are missing.

POSIX::1003 should be used instead.

Problems in core cpan/ modules, maintained by various:

autodie

maintained by pjf, several private core fixes, several unfixed problems

this is a stable pragma with a complicated scoped feature set, which does not really work in corner cases. it broke the compiler with gensyms and empty stashes, and it broke Porting/sync-with-cpan. no autodie does not properly restore system() from CORE::. I had to remove autodie from cperl's improved sync-with-cpan, and I urge everybody else not to use it, as the errors are often invisible and undetected.

It is also considered bad practice to use it. You need to know which open can fail and which not. It's recommended for complete newbies, such as use warnings and Carp, which introduce heavy memory regressions.

Socket

maintained by pevans, but this guy can usually be trusted.

The queue is quite small.

But I had to add missing IPv6 constants in cperl for Net::Ping, a lot more are still missing for ping6 functionality. http://search.cpan.org/~rurban/Socket-2.021_01/

JSON::PP

unmaintained by makamaka

unwilling to support Cpanel::JSON::XS the follower to the broken JSON::XS

unwilling to support cross-compatibility with the other JSON modules, throws several redefinition warnings if the loading order is different.

unresponsive. we typically wait >1 year to get answers on feature requests. last release 2013.

in cperl we fixed overload stringify and eq as in Cpanel:JSON::XS esp. "true" => true not 1

Pod::Perldoc

now maintained by mallen

not much problems, but horrible perldoc.3 vs perldoc.1 conflicts in core integration.

podlators

horrible core integration of Pod::Man and a broken $Maintainers{MAP}

Pod::Simple

Properly maintained, but they still think they are alone on this world, same problem as with Ingy. That there is only one installed perl, and only this can run the tests. There exists $^X for a reason.

I fixed their t/search50.t test in Dec 2015, but it is still not handled.

Since cperl will ship its own heavily modernized version, it's no big deal. signature all the methods and get type violations at compile time, which caught many errors already.

ExtUtils-MakeMaker

maintained by the toolchain gang

I don't expect the toolchain folks to support the cperl variant, so I do it by myself, and added various new features along the line.

wrong Config dependencies, support PERL_USE_UNSAFE_INC=1, call darwin dsymutil with DEBUGGING, use the fixed and faster YAML and JSON cperl core parsers. see below at Problems in core toolchain cpan modules, kept fixes private.

Test-Simple

maintained by exodist, very sceptical

The big Test2 feature he is working on for 2 years is event-based streamable tests, which still is 2x slower so far. So a no go. See http://search.cpan.org/~exodist/Test-Simple-1.302014_007/lib/Test2/Transition.pod

The old implementation is too heavy, we simplified and improved it internally. Since cperl will ship its own heavily modernized version, it's no big deal. We improved many abstraction methods. Signature all the methods and get type violations at compile time, which caught many errors already. Some of our type checks will break your tests, esp. that the skip count needs to be a number.

Digest::MD5

maintained by gisle, no response

core had traditionally a wrong U32_ALIGNMENT_REQUIRED probe in Configure.

I added a proper probe to fix the intel architecture, and added compatible SIGBUS on alignment fails, to detect previously undetected alignment errors. Fixed 64bit and darwin multiarch probes. Fixed RT #77919

https://github.com/rurban/digest-md5/tree/intel-align-rt77919

Devel-PPPort

unmaintained by alh

Had to fix 5.16 binary names by myself, which should have happened in the last 8 years, as p5p pushed for binary names, and I opposed it.

cperl also supports @INC without . (-Dfortify_inc)

See https://github.com/rurban/Devel-PPPort/tree/516gvhv

Scalar-List-Utils

maintained by pevans

Many core features are improperly supported, and many features are missing, so people had to come up with List::MoreUtils. The current maintainers do not known about MULTICALL and lexical $_, the most trivial features needed for this module.

The recent div by zero fix was done much worse than in cperl.

At least he is responsive.

Config::Perl::V

Only minor issues. This is the only core module published as .tgz, so it cannot be updated by p5p with sync-with-cpan. only fixed in cperl.

Problems in core toolchain cpan modules, kept fixes private

Basically all toolchain modules which lack cperl support. Esp. the 'c' suffix version detection and comparison, and the lack of knowledge about cperl builtin modules without .pm: XSLoader, DynaLoader, strict, coretypes. The old toolchain still wants to install a missing XSLoader requirement, because it searches for modules statically, not dynamically.

CPAN-Meta-YAML, CPAN-Meta-Requirements, version, CPAN, CPAN-Meta, Parse-CPAN-Meta, EU-MM

The biggest problem is over-architecture, as the toolchain is typically the gathering place for all the important people too incompetent to do core. The old master Dan Golden is the only light in the dark.

Another problem is the lack of efficient JSON and esp. YAML support, and lack of YAML compliance. They gave up on YAML instead of fixing it, as we did.

With cperl we added fast XS variants for JSON and YAML, fixed the broken and overly strict YAML::XS, and use this throughout. And not the infant YAML::Tiny, which also deviates from the YAML specs. cperl added JSON and YAML validation tests for all existing JSON and YAML modules.

Problems in other cpan modules, maintained by various:

I've looked over all my >100 distroprefs patches, and in the end problems are only with ether and schmorp. schmorp at least knows what he is doing and eventually comes up with fixes by himself.

Moose

maintained by ether

Moose was compilable before ether took over, since then it eroded. The maintainer doesn't have an idea how compile-time vs run-time works, which should be critical understanding for such a compile-time optimized module.

A lot of compile-time code is not run in BEGIN or CHECK blocks, rather as main_cv code of compile-time imported modules, which does not work when separated into compiled and run-time.

I didn't even bother to file a ticket, as 1st compared to Mouse Moose is totally unusable, and 2nd the maintainer might be willing to fix it, but is not able to maintain this.

Sub::Name

maintained by ether

The new maintainer is not able to come up with 5.16 support, binary names. She refused to merge my fixes for several years.

B::Utils

maintained and taken over by ether. I suspect a hostile takeover.

The new maintainer was not able to maintain API stability for OP::parent, one of the biggest reasons this module exists, and lied for the reasons to take it over. A complete disaster. I had to publish my own stable B::Utils1 module.

Summary

So in summary, only p5p and ether are failing to do their job.

With the core cpan modules there are some typical outliers, nothing dramatic. cpan itself looks very healthy, whilst p5p looks totally dead.

1 Comment

There are a number of inaccuracies in this post, not just whether certain modules are maintained, but who the maintainer(s) is/are, and whether they have merged various fixes. This data is not to be trusted and should be considered more opinion than fact.

I'd go into details, but (1) reini already proved over in http://blogs.perl.org/users/rurban/2016/04/the-removal-of-the-lexical-topic-feature-in-524.html that he won't actually respond to technical questions unless they offer him a chance to abuse people further, (2) that fact already got him banned and it seems unfair to put him in a position where he can't reply rather than will merely refuse to.

-- mst, disappointed that, in the end, reini chose abusing people over technical matters, thereby meaning that his possible technical contributions to perl will never happen