develooper Front page | perl.perl5.porters | Postings from March 2012

Re: pop @INC (".")

Thread Previous | Thread Next
From:
Todd Rinaldo
Date:
March 9, 2012 03:35
Subject:
Re: pop @INC (".")
Message ID:
33042746-36C2-4AAA-9F34-4116AF0BB79B@cpanel.net

On Mar 9, 2012, at 3:33 AM, Aristotle Pagaltzis wrote:

> I *would* like to caution that this option may prove an attractive
> nuisance to some vendor who might ship a perl with it enabled out of
> some notion of security-mindedness, which may then exert pressure on the
> wider Perl ecosystem to “fix” code. That and not really anything else
It's a valid concern. In fact, 3 distro maintainers have already chimed in on this list to say they'd prefer "." not be in the path. I would think security minded distros would also want to take a hard look at it. I would like to have some idea before I started what the CPAN impact would be. Besides Tests, I'm struggling to come up with any other code that would rely on ".". I'll set some time aside to look into it.

> concerns me. I would hope that can be countered by clearly marking the
> option as officially inadvisable and if possible by somehow sticking it
> in a disused lavatory, but I am not sure that will work and we may end
> up needing another “$vendorX ships a broken perl” shit-storm before word
> of the official position gets around.

I'm not sure I would be for this change if it was documented as "officially inadvisable". As you say, the risk is high an unknowing distro maintainer could leap before they look saying "oooh! new shiny" all the way down. 


Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About