Andreas J. Koenig wrote:
On Thu, 20 Jul 2006 02:35:02 +1000, Adam Kennedy <[EMAIL PROTECTED]> said:

  > On the other hand, give me an easy to use, works _everywhere_, never
  > fails falsely positive or negative, never crashes, low-dependency
  > security enhancement to CPAN clients that I never have to think about,
  > then I'm in and I'll do anything you want.

Security is not a "never have to think about". We can improve the
tools and make them work under battle conditions, but that's only one
dimension.

The other dimension is about improving security even with tools that
fail on Windows. We can and should do that. If we improve security
only for a small subset of users, we improve the overall security of
CPAN because the small subset can pull the alarm bell faster.


I do agree, but if you are going to do that we should know NOT to tell people on failing platforms to do something we know is going to fail.

So if we know it doesn't work on Windows (for example) we shouldn't be telling them to install Module::Signature, because it just leads them down the wrong (painful) path.

Adam K
