On Mon, 21 Nov 2005, Ken Williams wrote:
Think about what would happen if Satan uploaded a malicious distribution
called "PathTools" with a higher version number than mine. You'd want
the whole world to get Satan's distribution by default, just so they can
save a couple keystrokes?
Any ambigious situations such as that could easily be handled by asking
the user "KWILLIAMS and SATAN both are providing PathTools, which would
you like?" or having it spit out a list of choices and let the user
implicitly pick by then doing the "install AUTH/dist...gz" at that point.
Is there some REAL chance of harm in what we're talking about here that
couldn't be trivially ameliorated such as here?
My previous suggestion of having an explicit mapping would help avoid
getting the wrong person's PathTools. It wouldn't have to track versions
in the map since "PathTools" could map to KWILLIAMS/PathTools and
determine the latest from that. And as I pointed out the issue here isn't
merely distnames, but common misimpressions. Being able to "install
Template::Toolkit" won't cause the universe to blow-up.
Also, "lack of distname support" is overblowing the situation.
Distnames are supported perfectly fine as long as you put it in the
proper syntax with author's ID and version.
The proper syntax in this case is unnecessarily complex and utterly
nonobvious to all but the Perl cognescenti. That seems a pretty harsh way
to treat sysadmins stuck with installing Perl-based applications who may
have no prior Perl experience whatsoever. If there were some real harm in
making it easier it might make sense to me, but maybe somebody can share
with me something that's not a red herring that will help me get it.
--
</chris>
My aim is to agitate and disturb people. I'm not selling bread, I'm selling
yeast.
- Miguel de Unamuno, writer and philosopher (1864-1936)
