Package: libnanomsg-raw-perl Severity: important Dear maintainer,
Your package uses the Perl module HTTP::Tiny to access an insecure URL (http://cpanidx.org/cpanidx/json/mod/$pkg). Your package could use the secure version. Please remember to set HTTP::Tiny's verify_SSL attribute to a true value. By default, that module does not validate the identity of server certificates. The documentation states that "Server identity verification is controversial and potentially tricky..." [1] Will you please use the secure URL for https://cpanidx.org and turn on the verify_SSL attribute in HTTP::Tiny? Kind regards Felix Lechner [1] https://metacpan.org/pod/HTTP::Tiny#SSL-SUPPORT
