Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Mon, Sep 22, 2008 at 03:40:17PM +0300, Shlomi Fish wrote:

> My suggestion for resolving this is to modify the smoking modules so, after 
> the archive is unpacked (with a proper umask and arguments to tar), they will 
> traverse the directory tree and look for any world-writable files. If any are 
> found, they will report the smoking of the module as "FAIL", and delete the 
> unpacked directory tree, without doing the "perl Makefile.PL/Build.PL ..." 
> dance.
>
> Now I volunteer to implement this.

If you do implement this, it shouldn't be the default.  Spurious
failures are annoying.  And remember, not everyone creates their
tarballs on a platform to which Unix permissions map well.  eg, Windows
users.

-- 
David Cantrell | Official London Perl Mongers Bad Influence

    I caught myself pulling grey hairs out of my beard.
    I'm definitely not going grey, but I am going vain.

• [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Cantrell
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Golden
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Cantrell
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Golden
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Michael G Schwern
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Michael G Schwern
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Michael Peters
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Ovid
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Michael Peters
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Michael G Schwern
• Re: stowpan (was Dealing with World-writable Files ...) by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by chromatic
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Ovid
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Golden
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by andreas.koenig.7os6VVqR
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by andreas.koenig.7os6VVqR
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Cantrell
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Jos I. Boumans
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by andreas.koenig.7os6VVqR
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by demerphq
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Ken Williams
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Golden
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Ken Williams
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by chromatic
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Ovid
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Smylers
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: Archive::Tar does not behave like gnu tar by Eric Wilhelm
• Re: Archive::Tar does not behave like gnu tar by David Golden
• Re: Archive::Tar does not behave like gnu tar by Eric Wilhelm
• Re: Archive::Tar does not behave like gnu tar by David Cantrell
• Re: Archive::Tar does not behave like gnu tar by David Golden
• Re: Archive::Tar does not behave like gnu tar by David Cantrell
• Re: Archive::Tar does not behave like gnu tar by David Golden
• Re: Archive::Tar does not behave like gnu tar by Eric Wilhelm
• Re: Archive::Tar does not behave like gnu tar by David Cantrell
• Re: Archive::Tar does not behave like gnu tar by David Golden
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Aristotle Pagaltzis
• Re: running cpan as a nobody by Eric Wilhelm
• Re: running cpan as a nobody by Aristotle Pagaltzis
• Re: running cpan as a nobody by Eric Wilhelm
• Re: running cpan as a nobody by Aristotle Pagaltzis