Re: Fwd: CPAN Upload: D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
David Golden wrote:
> Adam Kennedy wrote:
>> And therein lies the problem. Working out when a dependency is important and when it's useless, or vanity, or laziness (good or bad) or whatever requires a human judgment call. So we can't really do anything about it. Is it OK to use a lot of dependencies if they all work? :)
>
> Well, if it isn't a patent violation, something along the lines of Google's PageRank algorithm. A module's dependency Kwalitee score is based on a combination of the Kwalitees of its dependencies.

Perhaps done as average distance from the mean? If the average kwalitee is 13, yours is 13, and your deps are scoring 14, 15 and 16 then your KwaliteeRank is 2.

You couldn't use it as a Kwalitee element directly, but having a KwaliteeRank on the website might get interesting.

Adam K
Re: Fwd: CPAN Upload: D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
> On Fri, 27 Jan 2006 15:42:58 +0100, Tels <[EMAIL PROTECTED]> said:

> I am still considering building something[0] that shows the
> module-dependency as a graph to show how "bad" the problem has become.
> Even "simple" modules like YAML seem to include everything and the
> kitchen-sink :-(

Have a look at Test::Prereq.

--
andreas
Re: Fwd: CPAN Upload: D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
Adam Kennedy wrote:
> And therein lies the problem. Working out when a dependency is important and when it's useless, or vanity, or laziness (good or bad) or whatever requires a human judgment call. So we can't really do anything about it. Is it OK to use a lot of dependencies if they all work? :)

Well, if it isn't a patent violation, something along the lines of Google's PageRank algorithm. A module's dependency Kwalitee score is based on a combination of the Kwalitees of its dependencies.

David
Re: Fwd: CPAN Upload: D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
Yitzchak Scott-Thoennes wrote:
> On Fri, Jan 27, 2006 at 03:42:58PM +0100, Tels wrote:
>> On Thursday 26 January 2006 15:26, Thomas Klausner wrote:
>>> I just uploaded Module::CPANTS::Analyse to CPAN. MCA contains most of the previous Kwalitee indicators and some code to check if one distribution tarball conforms to those indicators. It also includes a script called cpants_lint.pl which is basically a frontend to the module.
>>
>> Very cool.
>>
>> However, I am _really really_ starting to wonder whether we need a Kwalitee rating based on *excessive usage of prerequisites*.
>
> How about two; one, a point for not having lots of prerequisites, and another, a point for having lots of prerequisites. Where lots is defined as the same number in both cases.

Or for real evil, limit the highest possible kwalitee you can get to the lowest value of your dependencies.

If you're using something that scores only 5, you score only 5 too, at MOST. :)

Adam K
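The two scoring ideas floated in this thread, the KwaliteeRank (average distance of the dependencies' scores from the mean) and the cap at the weakest dependency, worked through as an added example that is not part of any message here and is not CPANTS code. Module names and scores are constructed; treating the distance as signed and walking transitive rather than only direct dependencies are assumptions.

```perl
use strict;
use warnings;
use List::Util qw(min sum);

# Constructed sample data: module names and scores are made up.
my %dist = (
    'My::App'    => { kwalitee => 13, deps => [ 'Dep::A', 'Dep::B' ] },
    'Dep::A'     => { kwalitee => 14, deps => [ 'Dep::C' ] },
    'Dep::B'     => { kwalitee => 15, deps => [ 'Dep::C', 'My::App' ] }, # cycle
    'Dep::C'     => { kwalitee => 16, deps => [] },
    'Other::App' => { kwalitee => 15, deps => [ 'Dep::C', 'Weak::Dep' ] },
    'Weak::Dep'  => { kwalitee => 5,  deps => [ 'Not::Indexed' ] }, # unscored
);

# All scored distributions reachable from $name, excluding $name itself.
# The %seen set makes the walk terminate on circular dependencies.
sub all_deps {
    my ($name) = @_;
    my %seen = ( $name => 1 );
    my @todo = @{ $dist{$name}{deps} };
    my @found;
    while ( defined( my $dep = shift @todo ) ) {
        next if $seen{$dep}++;
        next unless exists $dist{$dep};    # no score known: skip it
        push @found, $dep;
        push @todo, @{ $dist{$dep}{deps} };
    }
    return @found;
}

# Assumption: "distance" is signed, so weak dependencies pull the rank down.
sub kwalitee_rank {
    my ( $name, $mean ) = @_;
    my @scores = map { $dist{$_}{kwalitee} } all_deps($name);
    return undef unless @scores;           # nothing to rank against
    return sum( map { $_ - $mean } @scores ) / @scores;
}

# Own score, capped at the lowest score among the (transitive) dependencies.
sub capped_kwalitee {
    my ($name) = @_;
    return min( $dist{$name}{kwalitee},
        map { $dist{$_}{kwalitee} } all_deps($name) );
}

for my $name ( 'My::App', 'Other::App' ) {
    printf "%-10s rank %+.1f  capped %d\n",
        $name, kwalitee_rank( $name, 13 ), capped_kwalitee($name);
}
```

My::App uses the 13 / 14, 15, 16 figures from the thread and comes out at rank 2; Other::App shows a single score-5 dependency dragging both numbers down.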
Re: Fwd: CPAN Upload: D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
Yitzchak Scott-Thoennes wrote:
> On Fri, Jan 27, 2006 at 03:42:58PM +0100, Tels wrote:
>> On Thursday 26 January 2006 15:26, Thomas Klausner wrote:
>>> I just uploaded Module::CPANTS::Analyse to CPAN. MCA contains most of the previous Kwalitee indicators and some code to check if one distribution tarball conforms to those indicators. It also includes a script called cpants_lint.pl which is basically a frontend to the module.
>>
>> Very cool.
>>
>> However, I am _really really_ starting to wonder whether we need a Kwalitee rating based on *excessive usage of prerequisites*.
>
> How about two; one, a point for not having lots of prerequisites, and another, a point for having lots of prerequisites. Where lots is defined as the same number in both cases.

Yep :)

And therein lies the problem. Working out when a dependency is important and when it's useless, or vanity, or laziness (good or bad) or whatever requires a human judgment call.

So we can't really do anything about it. Is it OK to use a lot of dependencies if they all work? :)

Adam K
Re: Fwd: CPAN Upload: D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
On Fri, Jan 27, 2006 at 03:42:58PM +0100, Tels wrote:
> On Thursday 26 January 2006 15:26, Thomas Klausner wrote:
> > I just uploaded Module::CPANTS::Analyse to CPAN. MCA contains most of
> > the previous Kwalitee indicators and some code to check if one
> > distribution tarball conforms to those indicators. It also includes a
> > script called cpants_lint.pl which is basically a frontend to the
> > module.
>
> Very cool.
>
> However, I am _really really_ starting to wonder whether we need a
> Kwalitee rating based on *excessive usage of prerequisites*.

How about two; one, a point for not having lots of prerequisites, and another, a point for having lots of prerequisites. Where lots is defined as the same number in both cases.
Re: Fwd: CPAN Upload: D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
On Fri, Jan 27, 2006 at 03:42:58PM +0100, Tels wrote:
>
> I am still considering building something[0] that shows the
> module-dependency as a graph to show how "bad" the problem has become.
>
> [0] As soon as I can extract the nec. data from CPANTS, which has failed
> the last two times I tried that for very similar reasons - lots of
> dependencies, test failures, database scheme changed etc. ...

A member of Birmingham.pm has already written it, although his server seems to be down at the moment. Considering it is quite a nice little tool, I'll see if he'll let me host it on the Birmingham.pm server for you all to have a play with.

Barbie.
Re: Fwd: CPAN Upload: D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
Tels wrote:
>
> However, I am _really really_ starting to wonder whether we need a
> Kwalitee rating based on *excessive usage of prerequisites*.

Doing work based on existing CPAN modules instead of reinventing the wheel by oneself is typically *beneficial* to quality, because it tremendously enhances test coverage: the prerequisites are supposedly useful to other things besides supporting the top-most module, and are tested for such alternate uses. Witness e.g. Catalyst.

On the other hand, what about a negative kwalitee metric of "this module depends on a lot of *crappy* [low-kwalitee] modules"? A case could be made that that denotes poor architectural oversight on the part of the top-most module's author.

> * technically, I would have to audit each module before installing
> it...

Sorry, this is a strawman argument: human-based audits are not a credible defense against _intentional_ security vulnerabilities in code. Case in point (for C): http://www.brainhz.com/underhanded/

Bottom line: you have to trust the CPAN authors to some extent (for not being evil).

> * "perl Makefile.PL && make test && make install" is the mantra for
> everything

... including a credible surrogate for auditing code whose author you do trust. Actually that's the best the industry can do yet, short of sandboxing (which is orthogonal to the issue at hand) and program proving (which is a pipe dream for Perl, needless to say)

>
> ** some modules use Module::Build and the above doesn't work

Not all Module::Build modules lack a working Makefile.PL. My idea of measuring the average kwalitee of the dependencies would of course capture this ("depends on a module that is not buildable by CPAN" = bad, baad)

> [Lots of CPAN-related problems]

Yes, CPAN can be a pain; however (kw|qu)alit(ee|y) is not meant to be a metric of how easy to install a module is, but rather of whether it is possible to build something strong upon it, and to do so quickly and easily. (Or am I mistaken?)

I have another idea. What about reversing the odds, and rewarding those modules that provide an all-in-one archive (e.g. CatInABox, http://use.perl.org/~jk2addict/journal/28071) or a pure-Perl zero-dependency version with perhaps a restricted feature set, in addition to the "full" CPAN version? (hmm, maybe this check would be difficult to automate)

--
Dominique QUATRAVAUX
Ingénieur senior
01 44 42 00 08
IDEALX
Re: Fwd: CPAN Upload: D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
Moin,

On Thursday 26 January 2006 15:26, Thomas Klausner wrote:
> Hi!
>
> I finally found some tuits to work on CPANTS again. As the previous
> implementation had some drawbacks, I started from scratch, and from
> another direction.
>
> I just uploaded Module::CPANTS::Analyse to CPAN. MCA contains most of
> the previous Kwalitee indicators and some code to check if one
> distribution tarball conforms to those indicators. It also includes a
> script called cpants_lint.pl which is basically a frontend to the
> module.

Very cool.

However, I am _really really_ starting to wonder whether we need a Kwalitee rating based on *excessive usage of prerequisites*.

On the box I tried to use it I had to install basically dozens of modules, with a few twists:

* can't use CPAN (due to network security), so have to download everything manually, transfer it via USB stick etc.
* technically, I would have to audit each module before installing it...
* "perl Makefile.PL && make test && make install" is the mantra for everything except:
** some modules use Module::Build and the above doesn't work
** for some modules Makefile.PL will succeed, even tho the PREREQ are not met, meaning you get lots of silly test failures (at least it doesn't install the module because "make test" will fail)
* in the middle of the operation search.cpan.org broke down, so I had to stop and wait 15 mins until I could continue (Murphy :)
* in the end, tests fail, so all was probably for naught:

    Failed Test  Stat Wstat Total Fail  Failed  List of Failed
    --
    t/analyse.t     2   512    10    2  20.00%  6-7
    Failed 1/10 test scripts, 90.00% okay. 2/56 subtests failed, 96.43% okay.
    make: *** [test] Error 255

:-( Will send you the full output off-list.

I am still considering building something[0] that shows the module-dependency as a graph to show how "bad" the problem has become. Even "simple" modules like YAML seem to include everything and the kitchen-sink :-(

Best wishes,

Tels

[0] As soon as I can extract the nec. data from CPANTS, which has failed the last two times I tried that for very similar reasons - lots of dependencies, test failures, database scheme changed etc. ...

--
Signed on Fri Jan 27 15:33:57 2006 with key 0x93B84C15.
Visit my photo gallery at http://bloodgate.com/photos/
PGP key on http://bloodgate.com/tels.asc or per email.

"The need for a Steam account to play HL2 is like having to login to MS Passport to play Minesweeper." -- Tels
Fwd: CPAN Upload: D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
Hi!

I finally found some tuits to work on CPANTS again. As the previous implementation had some drawbacks, I started from scratch, and from another direction.

I just uploaded Module::CPANTS::Analyse to CPAN. MCA contains most of the previous Kwalitee indicators and some code to check if one distribution tarball conforms to those indicators. It also includes a script called cpants_lint.pl which is basically a frontend to the module.

Example:

    cpants_lint.pl path/to/Foo-Bar-1.42.tgz
    Checked dist        Foo-Bar-1.42.zip
    Kwalitee rating     15/16

    Here is a list of failed Kwalitee tests and what you can do to solve them:

    * has_changelog
      Add a Changelog (best named 'Changes') to the distribution. It should list at least major changes implemented in newer versions.

With Module::CPANTS::Analyse you can now check Kwalitee before uploading to CPAN. Test::Kwalitee should be easily doable now.

I will add some more Kwalitee indicators soon, and then start to look for a new server (I start a new job in February so I won't be able to use my old dev-box for this).

- Forwarded message from PAUSE <[EMAIL PROTECTED]> -

The uploaded file

    Module-CPANTS-Analyse-0.5.tar.gz

has entered CPAN as

    file: $CPAN/authors/id/D/DO/DOMM/Module-CPANTS-Analyse-0.5.tar.gz
    size: 20772 bytes
    md5: 1a4d1ec910402d7cb4d76bf89693f0d8

- End forwarded message -

--
#!/usr/bin/perl ... http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}