GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
CPAN::Audit::DB(3) User Contributed Perl Documentation CPAN::Audit::DB(3)

CPAN::Audit::DB - the CPAN Security Advisory data as a Perl data structure, mostly for CPAN::Audit

This module is primarily used by CPAN::Audit.

        use CPAN::Audit::DB;
        my $db = CPAN::Audit::DB->db;

The "db" subroutine returns the CPAN Security Advisory (CPANSA) reports as a Perl data structure. However, anything can use this.

Each release also comes with a .gpg file that has the signature for the file. If you cannot confirm that the module file has the right signature, it might have been corrupted or modified.

This module is available outside of CPAN as a release on GitHub: <https://github.com/briandfoy/cpan-security-advisory/releases>. Each release on GitHub includes an attestation.

There is also a JSON file that provides the same datastructure.

There is exactly one subroutine:

db

Returns the hashref of all the CPANSA reports.

This distribution now uses GitHub Attestations <https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/>, which allow you to verify that the archive file you have was made from the official repo.

You need a GitHub account and the gh tool <https://github.com/larsks/ghcli>.

        # download the distro file from GitHub, MetaCPAN, or a CPAN mirror
        $ gh auth login
        ...follow instructions...
        $ gh attestation verify CPANSA-DB-20241111.tar.gz --owner briandfoy

Additionally, each release codes with GPG signature that allows you to verify that this. The key is the same one used when the database was distributed with CPAN::Audit:

        $ gpg --verify lib/CPANSA/DB.pm.gpg lib/CPANSA/DB.pm
        gpg: Signature made Mon Nov 18 11:00:10 2024 EST
        gpg:                using RSA key 75AAB42CBA0D7F37F0D6886DF83F8D5E878B6041
        gpg: Good signature from "CPAN::Audit (brian d foy) (https://github.com/briandfoy/cpan-audit) <bdfoy@cpan.org>" [ultimate]

Everything is managed in GitHub:

<https://github.com/briandfoy/cpan-security-advisory/releases>
2025-01-04 perl v5.40.2

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.