H.Merijn Brand (‎Tux‎)

  • Analysis of the Test::Smoke database
  • Attempt to convert that to Test2::Builder architecture (proved to be of no use)
  • Extract binary data out of that 150 Gb+ database into local files
  • replace bytea entries with locations of those files (new size is just over 300 Mb + 77 Gb of files on disk)
  • Discuss and help with new maint setup for webUI and API for Test::Smoke results. Thanks Todd Rinaldo (‎toddr‎) for picking this up!!!!
  • Talk about Configure and its bus factor. Incl. a podcast recording with Philippe Bruhat (BooK)
  • Evaluate new Devel::Cover and help digging into failures
  • Digging into Test2::Harness fallout due to installation of an old(er) version-conflict
  • Fix stack corruption issue in Text::CSV_XS (Thanks Leon Timmermans (‎leont‎)!)
  • Many many useful discussions

Shoichi Kaji (‎skaji‎)

Tina Müller (‎tinita‎)

  • YAML::XS
    • Fix memory leak for trailing UTF8 octets
    • Fix detecting floats in YAML 1.2 Core Schema
    • v0.906.1-TRIAL: Turn off cyclic references by default (potential memory leak)
  • YAML::PP
    • Security: Limit default allowed maximum nesting level.
  • libyaml
    • Fix Denial of Service vulnerability: Limit depth of nesting by default
    • Handle closing flow sequence after explicit key
  • Sat together with Thibault Duponchelle (‎tibtib‎) and talked about attack vectors in PAUSE regarding YAML

atoomic

  • Quick Summary for PSC26: Open 42 issues ; Worked on 141 PRs ; 86 Merged
  • Mainly focused on Test-More/Test2-Harness refactor with 27 PRs merged
  • but also updated, modernized and released v2 for perl-actions/install-with-cpm, perl-actions/install-with-cpanminus
    • update node to v24
    • several security updates
    • upstream stack up to date
    • added a few extra features: retry, cache, mirror...
  • TimeDate: worked on 14 issues
  • Clone: merged 4 PRs ; release pending
  • helped modernize Perl-Toolchain-Gang/Test-Smoke
  • exchanged on feature requests for metacpan/metacpan-grep-front-end
  • workshop: collaborate with Robert on automation Policy
  • talk: AI discussion, attended Perl Core features talk from Leonerd

Thomas Klausner (‎domm‎)

Paul Evans (‎LeoNerd‎)

  • Presented two talks outlining upcoming or potential future core perl ideas and designs
  • Lots of discussions about class/role feature design
  • Fixed a small bug in the `Socket` dual-life module
  • Pointed atoomic+Todd Rinaldo (‎toddr‎) at the "static cow" ability of newer perls as a nicer way to solve a `B::C` issue
  • Looked into `Devel::Cover` interactions with perl's `PL_perldb` variable with Paul Johnson (‎pjcj‎)
  • Lent some words on the theme of the ever-looming "AI tools" discussions
  • Held an in-person PSC meeting to triage the release-blocker queue and manage some outstanding issues
  • Attended an interview podcast recording with the PSC with Philippe Bruhat (BooK)

Robert Rothenberg (‎rrwo‎)

  • Worked with CPANSec on various projects
    • Vulnerability discovery
      • Released a fix for Text::Minify::XS (thanks to Karl Williamson for helpful advice on handling Unicode in XS)
  • CNA: improving the vulnerability-to-fix and disclosure workflow
    • We want to reduce delays to releasing fixes and disclosing vulnerabilities, but we also want to communicate with authors in a way that does not put pressure on them.
      • CPANSec is a resource to assist authors with security issues.
  • Working on ideas with Salve J. Nilsen (sjn) about where new kinds of metadata should go, so that authors can experiment with it over the next year.
    • Blog post(s) will be forthcoming
    • A proposal for documenting how AI and automation fits into a project (with atoomic)
    • Ideas in GitHub at https://github.com/CPAN-Security/cpan-metadata-v3
  • Joined the DBI core maintenance team
  • Participated in various discussions

Christian Walde (‎Mithaldu‎)

  • PPI - several releases with:
    • two separate performance fixes for features/signature parsing in large files (thanks mauke)
    • support for dotted bitwise operators (thanks BooK)
    • fixes for code location indexing (thanks myrrhlin)
    • many other small things
  • had toddr help me automatically generate a lot of PPI tests (and some fixes) for currently broken behaviours
  • several conversations with Leonerd on the relationship between classes and roles and better replacements for roles, as well as what makes acceptable behaviours in po syntax; and advice on how to get feedback with little effort

Andreas Koenig

  • released CPAN.pm-2.39-TRIAL
  • Security fixes on PAUSE
    • Ignore README or META.xxx in uploaded distributions when they are symlinks (Stig Palmquist)
    • Fix Possible timing attack in ABRA lookup (Thibault Duponchelle)
    • replace rand() with Crypt::URandom::urandom() (Thibault Duponchelle)
    • discussed some more potential security issues with Stig Palmquist and Graham Knop
  • applied circa 15 pull requests to PAUSE together with Kenichi Ishigaki
  • participated in discussions about deprecation of Module::Signature and shutdown of the email forwarding service for the CPAN

Timothy Legge (‎timlegge‎)

  • Various CPANSec discussions
    • CNA - How to reduce the required to issues CVEs
    • CNA - Improve the disclosure workflow process
    • CNA - Recognize the impact of security reports on maintainers
  • Worked with Todd Rinaldo (toddr) to release Crypt::OpenSSL::RSA which restored PKCS1 v1.5 padding for signatures
  • Participated in various discussions on:
    • CPAN Clients
    • Perl Platform support
    • AI and the Perl Community
    • Karl Williamson on UTF-8
  • H.Merijn Brand (‎Tux‎) presented metaconfig and Configure to a small number of us
    • While not frequently changing, H.Merijn Brand (Tux) gave us a great understanding of its importance and how it works
    • The hope is to improve the bus factor
  • Deprecated Module::Signature
    • Audrey approved its deprecation
    • Module::Signature does not provide the expected security assurances
    • It is time to retire it and look for a new solution

Lukas Mai (‎mauke‎)

  • helped Christian Walde (‎Mithaldu‎) disentangle and release a PPI patch (performance improvements)
  • opened a handful of pull requests in CPAN modules to eliminate string comparisons on $] (e.g. `if ($] lt "5.010")`), which will break if $] exceeds 10.0 (e.g. if we were to "drop the 5.")
  • attended talks by Paul Evans (‎LeoNerd‎) (future features, language design), Karl Williamson (UTF-8)
  • many, many discussions

Doug Bell (‎preaction‎)

  • Began parsing report text to fill in data
    • Starting from Andreas's CPAN::Testers::ParseReport
    • Now have a framework to parallelize jobs over the entire report set
  • Started to sync from backpan.perl.org to fill in CPAN Testers's backpan
    • Recovery from last winter's outage
  • Initial MCP server for AI agents at https://mcp.cpantesters.org
  • Started importing parsed reports into a new Postgres schema
    • Goal is to be able to travel upstream and downstream to aggregate report data