>> http://www.theregister.co.uk/2017/09/15/pretend_python_packages_prey_on_poor_typing/
>>
>> Would CPAN be subject to the same problem as described in the article
>> above?
>
> Yes.
>
> DBI::Class, for example, could be a typo for DBIx::Class or a
> misremembered Class::DBI, and there's nothing stopping anyone from
> uploading a DBI::Class package that does all kinds of dodgy stuff.

There are plenty of confusable (small edit distance) pairs of module names on
CPAN.

For example,

  Algorithm::SVM and Algorithm::VSM
  AI::POS and AI::PSO

Both pairs are from different dists. More likely with short acronyms.

One thing we could do is have a tool looking at newly registered package names
and alert the PAUSE admins to have a look at any that are a short edit distance
from an existing package name.

Neil
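
One way to implement the check proposed above, as an added example that is not part of the original message and is not PAUSE code. The function names, the threshold of 1 and the registered-name list are assumptions; an adjacent transposition counts as a single edit so that the SVM/VSM and POS/PSO pairs score 1, and a component-reorder check goes beyond edit distance to cover the Class::DBI case from the quoted reply.

```python
# Added example: flag new package names that are confusable with registered ones.
# EXISTING is a constructed sample; a real tool would read the package index.
EXISTING = ["DBIx::Class", "Class::DBI", "Algorithm::SVM", "AI::PSO"]


def osa_distance(a, b):
    """Edit distance where an adjacent transposition counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1,               # deletion
                         cur[j - 1] + 1,            # insertion
                         prev[j - 1] + (ca != cb))  # substitution or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # transposition
        prev2, prev = prev, cur
    return prev[len(b)]


def confusable_with(new_name, existing, max_distance=1):
    """Return (registered_name, reason) pairs worth an admin's attention."""
    new_key = new_name.lower()
    new_parts = sorted(new_key.split("::"))
    hits = []
    for name in existing:
        if name == new_name:
            continue  # same package, not a lookalike
        key = name.lower()
        distance = osa_distance(new_key, key)
        if distance <= max_distance:
            hits.append((name, f"edit distance {distance}"))
        elif sorted(key.split("::")) == new_parts:
            hits.append((name, "same components, reordered"))
    return hits


if __name__ == "__main__":
    # Constructed "newly registered" names: three from the thread, one control.
    for candidate in ["DBI::Class", "Algorithm::VSM", "AI::POS", "Text::CSV"]:
        for name, reason in confusable_with(candidate, EXISTING):
            print(f"ALERT {candidate}: resembles {name} ({reason})")
```

With short acronyms a threshold of 1 already produces many hits, so the output is a review queue for the admins rather than an automatic rejection.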