On Thu, Feb 08, 2001 at 12:07:18PM -0200, Branden wrote:
> The issue is actually not auto-downloading modules and their prerequisites,
> but actually packaging several scripts and modules in one file, as Java's
> jar does. I think supporting this would be neat.
I thought about making a "par" utility. It would basically do this:

    # for each module needed...
    perl Makefile.PL PREFIX=foo LIB=foo/lib
    make test
    make install

Then you just stick your program into foo/bin or something and tar it
all up and ship it off. The "pun" utility (I couldn't resist) then
untars the thing and runs "perl -Ifoo/lib foo/bin/whatever.plx".
Any obvious flaws? Poke me enough and I'll get around to doing it.
> As to the question of security, if you download a script on a site that says
> it does XYZ and you actually trust the script does XYZ (trust in the sense
> that you *believe* it), I don't see why you wouldn't trust that the script
> would load modules that aren't harmful, either from CPAN or from another
> place.
Download Memoize from CPAN sometime and install it. Make sure you're
sitting down. All it takes is one joker, or one person to have a bad
day, or get a little too drunk one night near a computer.
We *can* automate security auditing of CPAN. I know it can be done
because I've seen it done on smaller scales and it will happen. If
you missed it, look at the CPANTS synopsis
http:[EMAIL PROTECTED]/msg00148.html
It's vapor yet, but it's all within the realm of "solved problems".
--
Michael G. Schwern <[EMAIL PROTECTED]> http://www.pobox.com/~schwern/
BOFH excuse #301:
appears to be a Slow/Narrow SCSI-0 Interface problem
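
As an added illustration (not part of the original message, and not code from any real "par" or "pun" tool): a sketch of what a "pun"-style runner could check before it unpacks and runs a bundle laid out as foo/lib and foo/bin. The function names, the SHA-256 digest obtained out of band, and the rule that every member must sit under foo/ are assumptions of this example.

```shell
#!/bin/sh
# Hypothetical "pun"-style runner; every name here is an assumption.

# Print the SHA-256 of a file as bare hex.
bundle_digest() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# Succeed only if every member name is relative, has no ".." component,
# and sits under foo/. Only names are checked; link targets are not.
bundle_paths_ok() {
    tar -tf "$1" | while IFS= read -r member; do
        case "$member" in
            /*|..|../*|*/..|*/../*) exit 1 ;;   # absolute or climbing path
            foo|foo/*) ;;                       # expected bundle layout
            *) exit 1 ;;                        # anything else is refused
        esac
    done
}

# Verify the archive, unpack it into a fresh directory, and print the
# command line the runner would execute. Nothing is run here.
pun_prepare() {
    archive=$1 expected=$2 script=$3
    case "$script" in ""|*/*) echo "bad script name" >&2; return 1 ;; esac
    [ "$(bundle_digest "$archive")" = "$expected" ] ||
        { echo "digest mismatch" >&2; return 1; }
    bundle_paths_ok "$archive" ||
        { echo "unsafe member path" >&2; return 1; }
    dest=$(mktemp -d) || return 1
    tar -xf "$archive" -C "$dest" || return 1
    [ -f "$dest/foo/bin/$script" ] || return 1
    echo "perl -I$dest/foo/lib $dest/foo/bin/$script"
}

# Usage: pun.sh ARCHIVE EXPECTED_SHA256 SCRIPT
if [ "$#" -eq 3 ]; then pun_prepare "$@"; fi
```

The digest only shows that the archive is the one its publisher described; it says nothing about whether the modules inside are harmless, which is the point the reply makes about Memoize.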