All of us showed up for a long meeting of identifying release blockers. First we went over the issues and PRs submitted since last week, none of which turned out to be new potential blockers. Then we examined all of the issues and PRs of interest we had previously identified. We applied the “Release Blocker” label where necessary, left comments, and merged a few of the PRs. Out of 20 issues and 11 PRs on our list, we identified 5 issues and 1 PR as blockers, of which the PR and several of the issues all pertain to the same problem with retention of errors on filehandles across I/O operations. This issue needs an informed decision, which we did not have the time for in this meeting, but will pursue next.
Our next meeting will be in person at the PTS.
[P5P posting of this summary]
We were all present.
CVE-2024-56406 is published and has been addressed by new point releases. Please upgrade or patch your perl promptly if affected. We thank Steve Hay, Andreas König and Stig Palmquist for doing the heavy lifting, as well as Nathan Mills for discovering the problem, and Karl Williams for providing the fix. We re-/learned a number of old and new lessons about the handling of security issues, which we will write up as new process for the PSC, the Perl Security Team, and the CPANSec group, to be jointly reviewed and agreed at the looming PTS.
We started winnowing this release cycle’s pull requests for potential release blockers. We briefly reviewed all 72 pull requests and identified 11 of interest for a closer look.
We reviewed the 2 new issues filed since last week for release blocker potential and put one of them on our list for closer review. We then started a closer examination of the 20 issues we identified as candidate blockers. We got through 5 issues, none of which we considered blockers.
[P5P posting of this summary]
Lots has been going on. All of us showed up, though Aristotle had to join late and Philippe had to leave early, so the meeting was short but productive:
- We continued with the potential release blocker issue review and finished going over all 49 issues remaining at this time, of which we identified 11 of interest. There are now still 72 pull requests to review.
- We agreed to include the new Perl logo in the next release, but don’t yet know exactly how and where. That should be sorted out on p5p, and we will kick that off soon.
- We went over the latest point release news, where everything is finally on track. It is coming very soon.
[P5P posting of this summary]
The three of us attended.
- Preparations for the point release are now in full swing.
- In relation to that, we ran into infrastructure permissions discrepancies that have cropped up due to an absence of onboarding/offboarding procedures. We need to address both the immediate and long-term issues here.
- We started winnowing this release cycle’s issues for potential release blockers. Out of about 95 issues, we have so far reviewed half, of which we identified 8 of interest. Additionally there are 72 pull requests to review.
[P5P posting of this summary]
All three were present.
- We went over developments on the point release front. Things are now finally moving, if slowly.
- We discussed some internal quality-of-life improvements to the PSC meeting workflow.
- We briefly reflected on our work as the PSC given our various personal circumstances this year.
- We discussed PPC 0027 (
any/all), prompted by the Mojolicious::Lite DSL question. We went over its status, how the work got merged, and current issues with the design. We confirmed an already possible technical solution to the Mojolicious issue and agreed that it satisfies us for now, but we still intend to pick up the further issues at a later time.
[P5P posting of this summary]
