Russ Allbery writes:
> Ben Hutchings writes:
>> People have said this about ASLR, protected symlinks, and many other
>> kinds of security hardening changes. We made them anyway and took the
>> temporary pain for a long-term security gain.
>
> Well, Perl has a deprecation mechanism with warnings and so forth,
> although I don't think Perl has ever actively broken a feature outside of
> "use <version>" with a later version, except for features marked as
> experimental. But I suppose it's possible.

'.' was eventually removed from @INC by default. It also wasn't seen as a
security problem when I reported it as such (or not worth fixing at the
time), but only years later when someone else reported it again. So maybe
awareness changed a bit.

But "<>" isn't the only problem, there are way too many uses of the
two-argument form of Perl's "open" too...

Ansgar
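
An added illustration, not part of the message above or of any code from the thread: two-argument open and "<>" both parse mode characters out of the file name, while three-argument open treats the name purely as data. The file names and helper subs are constructed for the demo, which runs in a temporary directory.

```perl
#!/usr/bin/perl
# Added example: compare how notes.txt fares when a script is handed the
# legal file name ">notes.txt" and opens it in three different ways.
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

my $orig = getcwd();
my $dir  = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";

# Constructed sample: a name such as a script might receive from @ARGV
# or readdir(). No file with this name exists in the directory.
my $name = '>notes.txt';

# (Re)create the file we care about with known content.
sub reset_notes {
    open(my $out, '>', 'notes.txt') or die "notes.txt: $!";
    print {$out} "important\n";
    close $out or die "close: $!";
}

# Run one way of opening $name, then report the size of notes.txt.
sub size_after {
    my ($label, $opener) = @_;
    reset_notes();
    $opener->();
    my $size = (stat 'notes.txt')[7];
    printf "%-14s notes.txt = %d bytes\n", $label, $size;
    return $size;
}

# Two-argument open: the leading '>' is taken as "open for writing",
# so notes.txt is truncated although the script meant to read a file.
size_after('2-arg open', sub { open(my $fh, $name) and close $fh });

# "<>" opens each element of @ARGV with the same two-argument semantics.
size_after('<> on @ARGV', sub {
    no warnings 'io';            # reading a write-only handle warns
    local @ARGV = ($name);
    my @lines = <>;
});

# Three-argument open: the mode is fixed by the caller, the name is only
# a name. The open fails (no such file) and notes.txt is left untouched.
size_after('3-arg open', sub { open(my $fh, '<', $name) and close $fh });

chdir $orig or die "chdir $orig: $!";
```

Since Perl 5.22 the "<<>>" operator reads @ARGV with three-argument semantics, which is the drop-in replacement for "<>" in scripts that take file names from the command line.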