action #104164

Updated by kraih 6 months ago

## Motivation suggests to remove the package with reasoning

> Unsafe and no release since 2018

We use that e.g. in in container/openqa/, tools/run-tests-within-container, dist/rpm/openQA.spec, etc. Also in os-autoinst scope*&type=code , e.g. in and so we should look to assess the situation, find mitigations or suggest a way to have a fixed version of perl-App-cpanminus. As I see sufficient activity in maybe we should switch the package to checkout from that branch instead of CPAN releases.

## Acceptance criteria
* **AC1:** openQA is not vulnerable to any of the mentioned CVEs
* **AC2:** The package `perl-App-cpanminus` has not been removed from Factory (or we are using an alternative like `curl -L | perl - -M ...`)