2008/11/13 chromatic <[EMAIL PROTECTED]>: > On Wednesday 12 November 2008 22:36:31 demerphq wrote: > >> > I really, really, really don't want PAUSE modifying my stuff after it's >> > uploaded. Oh god the mysterious bugs. And then there's the fact that >> > the code I've put my name and signature on is not the same code as is >> > being distributed! That's a trust violation as well as maybe a license >> > violation. > >> Oh please, save me the drama. We aren't talking about modifying "your >> stuff" we are talking about twiddling some bits in a tar file. > > I can only think of several ways that could possibly go wrong.
Pray tell, what are they? > I understand why PAUSE enforces the policy that it won't index anything it > can't index, but I don't understand what permission bits that may or may not > be set have to do with indexing. > > I realize the longstanding Perl cultural view of encapsulation is, to put it > mildly, highly voluntary -- but the first time I catch a naked, drunk > neighbor rifling through my closet is the last time any naked, drunk neighbor > rifles through my closet, regardless of sincerity of intent. So you equate PAUSE unpacking the tar file, chmod'ing to not be world writable and then retarring it to a naked drunk neighbor rifling through your closet? I don't get it really, and I'm wondering what kind of neighborhood you live in!. And presumably this would never happen to you right? Being a switched on unix guy you wouldnt roll a world writable CPAN package anyway would you? If there is any comparison its like the library putting durable binding and a security strip on a book before it hits the shelves. Cheers, yves -- perl -Mre=debug -e "/just|another|perl|hacker/"
