Eric Wilhelm writes:

> # from Smylers
> # on Sunday 21 January 2007 11:50 pm:
> 
> > Eric Wilhelm writes:
> > 
> > > If that isn't enough, I suppose you could do "if the env var is an
> > > executable, run it and capture the output"?
> >
> > Nice -- so that if you manage to trick somebody into setting that
> > environment variable you can get them to run any code you want the
> > next time they install a Cpan module that doesn't explicitly set
> > this variable?
> 
> Sure.  That, and $EDITOR.

I think there's a difference.  Apart from EDITOR being much more
well-known and standard, invoking an editor is something which the user
is usually expecting, and can see when it's happened.  Even without the
variable being set some default editor runs.

This would be an environment variable which optionally ran some
additional process; if that process is silent then from the user's point
of view it doesn't look any different from the variable not being set.  And
if they were just installing a Cpan module they very likely don't even
know that such a hook exists (if they even know about testing).

> I don't think defining an environment variable to point to an
> executable is a huge issue.

Agreed, it isn't huge.  But it'd be better not to introduce even a small
risk if we don't have to.  And Adam now says we don't need this for his
desired features.

Smylers
