Adrian Howard wrote:
>
> On 11 Dec 2007, at 05:12, Michael G Schwern wrote:
>
>> Adam Kennedy posed me a stumper on #toolchain tonight. In short, having a
>> test which checks your signature doesn't appear to be an actual deterrent to
>> tampering. The man-in-the-middle can just delete the test, or just the
>> SIGNATURE file since it's not required. So why ship a signature test?
>>
>> The only thing I can think of is to ensure the author that the signature
>> they're about to ship is valid, but that's not something that needs to
>> be shipped.
> [snip]
>
> It is something that needs to be shipped if you have the "CPAN is the
> definitive version of a module. Somebody can fork from it" attitude.
>
> It certainly doesn't have to run though...
I'm really not a fan of shipping tests that don't get run. To be clear, I'd likely just delete it entirely and either A) trust that MakeMaker/Module::Build will do the right thing, which it always has for me, or B) add a "cpansign verify" to my normal release script. Both avoid pooping a common author-only check all over the place.

-- 
Robrt: People can't win
Schwern: No, but they can riot after the game.
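The point made in the thread, as an added example that is not part of the original mail: a signature test shipped inside the tarball can be removed along with SIGNATURE by whoever tampers with the distribution, so it checks nothing; the check that matters is the consumer-side one that fails closed when SIGNATURE is absent and verifies every file digest against the signed manifest. A real CPAN SIGNATURE is a PGP-signed list of file digests; in this constructed model an HMAC under a made-up author key stands in for the PGP signature so the code runs with only the standard library, and the `-----SIG-----` framing, file names and file contents are all constructed.

```python
import hashlib
import hmac

AUTHOR_KEY = b"constructed-author-key"  # stand-in for the author's PGP key
SIG_MARKER = "-----SIG----- "           # constructed framing, not PGP's


def build_signature(files, key):
    """Author side: a SIGNATURE-like manifest, one 'SHA256 <hex> <path>' line
    per distributed file, followed by a signature over those lines
    (HMAC stands in for the PGP clearsign a real cpansign -s would produce)."""
    body = "".join(
        f"SHA256 {hashlib.sha256(data).hexdigest()} {name}\n"
        for name, data in sorted(files.items())
        if name != "SIGNATURE"
    )
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + SIG_MARKER + tag + "\n"


def verify_signature(files, key):
    """Consumer side (what a 'cpansign verify' in a release or install step
    enforces): fail closed on a missing SIGNATURE, a bad signature, a file
    list that differs from the signed manifest, or a changed file."""
    sig = files.get("SIGNATURE")
    if sig is None:
        return False, "SIGNATURE missing"
    body, marker, tagline = sig.rpartition(SIG_MARKER)
    if not marker:
        return False, "SIGNATURE malformed"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tagline.strip()):
        return False, "signature does not verify"
    listed = {}
    for line in body.splitlines():
        algo, digest, name = line.split(" ", 2)
        if algo != "SHA256":
            return False, f"unsupported digest {algo}"
        listed[name] = digest
    shipped = {n for n in files if n != "SIGNATURE"}
    if set(listed) != shipped:
        return False, "file list differs from signed manifest"
    for name, digest in listed.items():
        if hashlib.sha256(files[name]).hexdigest() != digest:
            return False, f"{name} modified"
    return True, "ok"


def shipped_test_passes(files, key):
    """What a t/signature.t inside the tarball amounts to, as the thread
    describes it: it cannot run if it was deleted, and it has nothing to
    check if SIGNATURE was deleted, so both cases pass vacuously."""
    if "t/signature.t" not in files or "SIGNATURE" not in files:
        return True
    return verify_signature(files, key)[0]


def make_dist():
    """Constructed sample distribution, signed by the author."""
    files = {
        "lib/Foo.pm": b"package Foo; sub new { bless {}, shift } 1;\n",
        "t/signature.t": b"use Test::Signature; signature_ok();\n",
    }
    files["SIGNATURE"] = build_signature(files, AUTHOR_KEY)
    return files


def tamper(files):
    """Constructed man-in-the-middle: alter a file, drop the test and SIGNATURE."""
    bad = dict(files)
    bad["lib/Foo.pm"] = b"package Foo; sub new { bless {changed => 1}, shift } 1;\n"
    bad.pop("t/signature.t")
    bad.pop("SIGNATURE")
    return bad


if __name__ == "__main__":
    good = make_dist()
    print("untouched dist, consumer check:", verify_signature(good, AUTHOR_KEY))
    bad = tamper(good)
    print("tampered dist, shipped test:", shipped_test_passes(bad, AUTHOR_KEY))
    print("tampered dist, consumer check:", verify_signature(bad, AUTHOR_KEY))
```

The design point is where the policy lives: `shipped_test_passes` travels with the artifact and so is under the tamperer's control, while `verify_signature` is run by the receiving side with its own copy of the key and its own rule that a missing SIGNATURE is a failure, not a skip.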