David Cantrell writes: > Smylers wrote: > > > It sounds scary to me. If I'm just installing a Perl module from > > Cpan on a newly installed OS, which happens to still have default DB > > connection permissions, I wouldn't expect the module's tests to > > start making use of the DB without asking. > > Of course, a module author can do that already,
Indeed (and she could also do the other things I mentioned, such as grabbing images or e-mail addresses). But I don't thing we should encourage such things as being a good practice. > > Further, if the module install fails the database may be left > > behind. > > Having a well-known module specifically for creating, accessing, and > tearing down the test database, written carefully and maintained, > instead of people just hacking up their own nasty solutions to the > problem whenever they need it - this will *reduce* the chances of that > happening. End result - less cruft left on your system *and* better > testing for databasey modules. Yes, that's good. Connecting using environment variables which the user (or tester) has explicitly set up for the purpose is also good. I like this proposal overall, and the current plan for implementing it -- it was only the 'let's grub around on the system and see if the user happens to have left a DBMS unprotected that we can use' but which scared me. Simon
