>> http://www.theregister.co.uk/2017/09/15/pretend_python_packages_prey_on_poor_typing/Would >> CPAN be subject to the same problem as described in the article above? > > Yes. > > DBI::Class, for example, could be a typo for DBIx::Class or a > misremembered Class::DBI, and there's nothing stopping anyone from > uploading a DBI::Class package that does all kinds of dodgy stuff.
There are plenty of confusable (small edit distance) pairs of module names on CPAN. For example, Algorithm::SVM and Algorithm::VSM AI::POS and AI::PSO both pairs are from different dists. More likely with short acronyms. One thing we could do is have a tool looking at newly registered package names and alert the PAUSE admins to have a look at any that are a short edit distance from an existing package name. Neil