On Tue, Jun 24, 2008 at 3:50 AM, Paul Fenwick <[EMAIL PROTECTED]> wrote:
> Unfortunately while the code may do nothing useful to *your* modules per se,
> it's extremely useful should any be using your modules in a program that
> uses taint mode and wants to be careful about their data.  It's rather
> awkward that Perl has ended up with the same code that commonly means "parse
> this data" to implicitly mean "this data is safe".

Except "use re q/taint/" is lexical.  So if some module isn't itself
reading data from a potentially tainted source, then it really doesn't
need to bother with this.  That's not the same as strict and warnings,
which always apply to my code.

I'm kind of against encouraging more cargo-culted incantations, even
if they are a good practice when appropriate.  And there are a lot of
applications of perl where security *isn't* a primary requirement and
I don't think that we should set the bar of "Kwalitee" that high.

I like the suggestion of a Perl::Critic module, as then people can
decide whether they are working on something that requires a higher
security standard and switch it on or off as needed.

-- David
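Added illustration (not part of this thread, not from either poster): the behaviour being discussed, run under `perl -T`. A plain capture silently untaints whatever it matched, while `use re 'taint'` keeps the capture tainted and, because it is a lexical pragma, only affects the block it appears in. The sample input is constructed: under -T every value in %ENV is tainted, and taint is sticky through string operations, so concatenating a zero-length substring of $ENV{PATH} onto a literal yields a tainted copy of that literal without reading anything from outside the script. Scalar::Util's tainted() is the real core function; the three subs are hypothetical names chosen for this example.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample input: a tainted copy of a harmless-looking literal.
# Under -T, %ENV is tainted; substr() of a tainted value stays tainted,
# and "tainted . literal" is tainted.
my $input = substr($ENV{PATH} // '', 0, 0) . "report-2024.txt";

# The common cargo-cult "untaint": a capture that validates nothing.
# Without 'use re taint', $1 comes back clean regardless of content.
sub lax_capture {
    my ($s) = @_;
    return $s =~ /^(.*)$/ ? $1 : undef;
}

# Same pattern, but the pragma is in force for this block only.
# The capture is still tainted because it came from tainted input.
sub capture_under_re_taint {
    my ($s) = @_;
    use re 'taint';    # lexical: ends at the closing brace of this sub
    return $s =~ /^(.*)$/ ? $1 : undef;
}

# What a deliberate untaint looks like: a conservative character class,
# so a successful match actually says something about the data.
sub validated_filename {
    my ($s) = @_;
    return $s =~ /^([\w.-]+)$/ ? $1 : undef;
}

sub show {
    my ($label, $value) = @_;
    printf "%-42s tainted=%d\n", $label, tainted($value) ? 1 : 0;
}

show("original input",                  $input);                        # tainted=1
show("after lax capture",               lax_capture($input));           # tainted=0
show("after capture under use re taint", capture_under_re_taint($input)); # tainted=1
show("after validated capture",         validated_filename($input));    # tainted=0

# Outside capture_under_re_taint the pragma is no longer in effect:
# a capture in this file scope untaints again.
my ($again) = $input =~ /^(.*)$/;
show("capture in file scope",           $again);                        # tainted=0

# An input the conservative pattern rejects stays unusable as a path:
my $hostile = substr($ENV{PATH} // '', 0, 0) . "../../etc/passwd";
printf "hostile input accepted by validated_filename: %s\n",
    defined validated_filename($hostile) ? "yes" : "no";                # no
```

Run it as `perl -T example.pl` (or via the shebang) so taint mode is on from the start; invoking it as `perl example.pl` makes Perl refuse with "Too late for -T". The point relative to the thread: a module that never touches tainted data gains nothing from the pragma, and a module that does should pair it with a pattern that rejects what it cannot justify accepting, not merely with `use re 'taint'`.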
