David Golden wrote:
On Sun, Nov 1, 2009 at 10:51 AM, Slaven Rezic wrote:
Why not? A few CPU cycles later "perl Makefile.PL" or "perl Build.PL"
happens.
Yes, but in a subprocess.
Where's the difference? There's no extra security CPAN.pm provided when
executing Makefile.PL.
And YAML/JSON
On Sun, Nov 1, 2009 at 10:51 AM, Slaven Rezic wrote:
> Why not? A few CPU cycles later "perl Makefile.PL" or "perl Build.PL"
> happens.
Yes, but in a subprocess. And YAML/JSON can be validated statically
much more easily than Perl.
-- David
David Golden wrote:
On Sun, Nov 1, 2009 at 3:51 AM, Slaven Rezic wrote:
- those who don't care to eval perl code, because they do it anyway in the
same process (i.e. when installing a CPAN distribution with CPAN/CPANPLUS)
The second group doesn't really want to do it either in all cases.
Wh
On Sun, Nov 1, 2009 at 3:51 AM, Slaven Rezic wrote:
> - those who don't care to eval perl code, because they do it anyway in the
> same process (i.e. when installing a CPAN distribution with CPAN/CPANPLUS)
The second group doesn't really want to do it either in all cases.
Jarkko Hietaniemi wrote:
I really don't think we should have Perl data structures in files
(that means Perl code, right?), because that indicates doing an eval,
and I don't want to eval any more random code off the 'net than
necessary.
Consumers of META.yml may be separated into two groups:
- t
On Fri, Oct 09, 2009 at 03:05:47PM -0700, David E. Wheeler wrote:
> On Oct 9, 2009, at 10:52 AM, Graham Barr wrote:
>
>> I strongly agree that we should not be having perl code in the META
>> file for
>> security reasons. Although most people would use Safe to read it,
>> there would be
>> thos
Jarkko Hietaniemi wrote:
>I really don't think we should have Perl data structures in files
>(that means Perl code, right?), because that indicates doing an eval,
Not necessarily. Working in *a defined subset of* Perl syntax would mean
that readers have both options. Evaling would probably be ac
On Oct 9, 2009, at 4:22 PM, Ricardo Signes wrote:
I have made this change in a branch, here:
http://github.com/rjbs/cpan-meta-spec/tree/restructure
The branch changes the meat of the spec to discuss things in Perl
terms and
moves the existing discussion of YAML format to the end of the
do
* David Golden [2009-10-09T07:44:43]
> 06. Data structures, not YAML
>
> Proposal:
>
> The META spec should be defined in terms of (Perl) data structures, and not
> in terms of YAML. (Slaven Rezic)
I have made this change in a branch, here:
http://github.com/rjbs/cpan-meta-spec/tree/restruct
On Oct 9, 2009, at 10:52 AM, Graham Barr wrote:
I strongly agree that we should not be having perl code in the META
file for
security reasons. Although most people would use Safe to read it,
there would be
those that would not and could get caught out
But the spec should also not be biased
On Oct 9, 2009, at 9:11 AM, Jarkko Hietaniemi wrote:
I really don't think we should have Perl data structures in files
(that means Perl code, right?), because that indicates doing an eval,
and I don't want to eval any more random code off the 'net than
necessary.
I strongly agree that we shoul
I really don't think we should have Perl data structures in files
(that means Perl code, right?), because that indicates doing an eval,
and I don't want to eval any more random code off the 'net than
necessary.
On Fri, Oct 9, 2009 at 8:14 AM, Ricardo Signes
wrote:
> * David Golden [2009-10-09T07
* Jarkko Hietaniemi [2009-10-09T10:11:35]
> I really don't think we should have Perl data structures in files
> (that means Perl code, right?), because that indicates doing an eval,
> and I don't want to eval any more random code off the 'net than
> necessary.
Right. We definitely want a proper
Ricardo Signes wrote:
* David Golden [2009-10-09T07:44:43]
06. Data structures, not YAML
Proposal:
The META spec should be defined in terms of (Perl) data structures, and not
in terms of YAML. (Slaven Rezic)
Agreed, but the spec should be very clear (perhaps, as said, in an appendix)
how th
On Fri, Oct 9, 2009 at 7:44 AM, David Golden wrote:
> 06. Data structures, not YAML
>
> Proposal:
>
> The META spec should be defined in terms of (Perl) data structures, and not
> in terms of YAML. (Slaven Rezic)
>
> Comments:
>
> * This does not mean that I want to replace YAML by a Perl data dum
On Oct 9, 2009, at 7:14 AM, Ricardo Signes wrote:
* David Golden [2009-10-09T07:44:43]
06. Data structures, not YAML
Proposal:
The META spec should be defined in terms of (Perl) data structures,
and not
in terms of YAML. (Slaven Rezic)
Agreed, but the spec should be very clear (perhaps,
* David Golden [2009-10-09T07:44:43]
> 06. Data structures, not YAML
>
> Proposal:
>
> The META spec should be defined in terms of (Perl) data structures, and not
> in terms of YAML. (Slaven Rezic)
Agreed, but the spec should be very clear (perhaps, as said, in an appendix)
how the data should
06. Data structures, not YAML
Proposal:
The META spec should be defined in terms of (Perl) data structures, and not
in terms of YAML. (Slaven Rezic)
Comments:
* This does not mean that I want to replace YAML by a Perl data dump (or
maybe yes, but see below). It is just about the specification
18 matches
Mail list logo