Moin,
On Thursday 06 July 2006 03:22, Jonathan Rockway wrote:
It adds a dependency on a binary application (gpg) that users have to
install by hand, doesn't check for the presence of it properly, and
if you don't have it, installs an enormous chain of dependencies,
with said deps having some major issues of their own.
It's become bad enough that Module::Signature is being pulled from
Bundle::CPAN and being disabled by default in CPAN.pm, until
Module::Signature gets a maintainer capable that can make it somewhat
saner.
Er, you realize that you _dont_ have to check the signature if you system
is so broken as not allowing it?
I really don't understand that argument anyhow:
Replace Module::Signature with RPM and read it again:
It adds a dependency on a binary application (gpg) that users have to
install by hand, doesn't check for the presence of it properly, and
if you don't have it, installs an enormous chain of dependencies,
with said deps having some major issues of their own.
I don't think anybody would suggest SuSE do no longer sign their RPM
packages with their gpg key anymore... instead they make sure you have
gpg installed and configured properly before doing the signature check.
If you insist on running a system w/o gpg, and you want to check the
signature on a Perl package, you gotta go, configure your system and
install some software for the purpose.
Next someone tells me I can't use XS because it makes the distribution
depend on a compiler? :-)
Leaving of the signature of software distributions just because someone
isn't able to configure their system is so... so I fail the words for it.
Best wishes,
tels
--
Signed on Fri Jul 7 15:47:00 2006 with key 0x93B84C15.
Visit my photo gallery at http://bloodgate.com/photos/
PGP key on http://bloodgate.com/tels.asc or per email.
The difference between pornography and erotica is lighting -- Gloria
Leonard
pgptiZGndZIl9.pgp
Description: PGP signature