>>>>> On Tue, 23 Feb 2010 21:57:07 +1100, Adam Kennedy <a...@ali.as> said:
> There is no reason to impose this kind of thing on end users, as the
> failure does not actually prevent the module from working, and the end
> user will have no way to resolve the problem.
> As for the test failing, the problem here is that in order to be work
> correctly, the test must be run before Makefile.PL is run at the very
> least, or ideally they should be run before the tarball is
> extracted.
This is irrelevant here because we absolutely agree that the test is not
the security test itself, it is a test that indicates that the security
check isn't flawed. Testing this is possible because the specific design
of Module::Signature is such that it can be run after extraction and
usually also at 'make test' time.
> The defect in the test is thus unresolvable, and thus the test should
> be dropped for end users.
This is quite a different argumentation than it was at the beginning of
this thread, and I have no problem with that. We will agree that
'dropped for end user' is not the same as 'removed'. And it's actually
what Module::Signature suggests in the manpage with
if (!$ENV{TEST_SIGNATURE}) {
print "ok 1 # skip Set the environment variable",
Isn't it?
--
andreas
