On 11 Dec 2007, at 05:12, Michael G Schwern wrote:
Adam Kennedy posed me a stumper on #toolchain tonight. In short, having a
test which checks your signature doesn't appear to be an actual deterrent to
tampering. The man-in-the-middle can just delete the test, or just the
SIGNATURE file since it's not required. So why ship a signature test?
The only thing I can think of is to ensure the author that the signature
they're about to ship is valid, but that's not something that needs
to be shipped.
[snip]
It is something that needs to be shipped if you have the "CPAN is the
definitive version of a module. Somebody can fork from it" attitude.
It certainly doesn't have to run though...
Adrian