develooper Front page | perl.module-authors | Postings from November 2005

Re: When CPAN shell cannot find a module

Thread Previous | Thread Next
Christopher Hicks
November 23, 2005 04:39
Re: When CPAN shell cannot find a module
Message ID:
On Mon, 21 Nov 2005, Ken Williams wrote:
> Think about what would happen if Satan uploaded a malicious distribution 
> called "PathTools" with a higher version number than mine.  You'd want 
> the whole world to get Satan's distribution by default, just so they can 
> save a couple keystrokes?

Any ambigious situations such as that could easily be handled by asking 
the user "KWILLIAMS and SATAN both are providing PathTools, which would 
you like?" or having it spit out a list of choices and let the user 
implicitly pick by then doing the "install AUTH/dist...gz" at that point. 
Is there some REAL chance of harm in what we're talking about here that 
couldn't be trivially ameliorated such as here?

My previous suggestion of having an explicit mapping would help avoid 
getting the wrong person's PathTools.  It wouldn't have to track versions 
in the map since "PathTools" could map to KWILLIAMS/PathTools and 
determine the latest from that.  And as I pointed out the issue here isn't 
merely distnames, but common misimpressions.  Being able to "install 
Template::Toolkit" won't cause the universe to blow-up.

> Also, "lack of distname support" is overblowing the situation. 
> Distnames are supported perfectly fine as long as you put it in the 
> proper syntax with author's ID and version.

The proper syntax in this case is unnecessarily complex and utterly 
nonobvious to all but the Perl cognescenti.  That seems a pretty harsh way 
to treat sysadmins stuck with installing Perl-based applications who may 
have no prior Perl experience whatsoever.  If there were some real harm in 
making it easier it might make sense to me, but maybe somebody can share 
with me something that's not a red herring that will help me get it.


My aim is to agitate and disturb people. I'm not selling bread, I'm selling
            - Miguel de Unamuno, writer and philosopher (1864-1936)

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About