Michael G Schwern wrote:
>
> Oddly enough, Perl does handle this... mostly.  The CPAN shell can
> automatically download and install prerequisites for modules, provided
> the module explicitly declares the prereqs.  Class::DBI ultimately
> needs something like 9 other CPAN modules, which would be a nightmare
> but for this feature.
>

The issue is actually not auto-downloading modules and their prerequisites,
but actually packaging several scripts and modules in one file, as Java's
jar does. I think supporting this would be neat.

As to the question of security, if you download a script on a site that says
it does XYZ and you actually trust the script does XYZ (trust in the sense
that you *believe* it), I don't see why you wouldn't trust that the script
would load modules that aren't harmful, either from CPAN or from another
place.

And having to see the code before installing is not a proof of security at
all, since Perl is the king of obfuscating languages and (I expect) Perl 6
will be able to distribute code in byte-code form. So I don't actually see
how auto-loading of modules from the Internet is so much more untrustworthy
than manual-loading of the same modules from the Internet, if they are pretty
obfuscated or are in byte-code form. Only a sandbox or something like that
can assure security in either case.

- Branden
