On 03/30/2014 11:38 AM, Slaven Rezic wrote:
> I suspect that every CPAN module using strtod/sprintf indirectly through
> a shared library is broken.

I think you didn't understand my previous post on this <53275EB2.4000809@khwilliamson.com>. These modules were already broken; it's just that their breakage didn't surface very often prior to the blamed patch.

It's like the hash key order randomization change. Most modules that "broke" as a result of the change were already broken. It's just that their tests and typical usage didn't cause the hashes to grow enough to cause an hsplit(), which, when it happens, causes the key order to change, IIRC. The change, besides being necessary for security reasons, did the maintainers a favor by exposing a problem that could occasionally occur in the field and would be very hard to reproduce and debug.

In my post on this, I show how to easily get the same breakage symptoms on earlier Perl releases as the blamed commit gives in 5.19.

The blamed commit is not necessary for security, so we as a project might decide that it's not worth fixing these bugs, and to permanently revert the patch, documenting the issue. But that is very different from the idea that this patch "broke" modules, and I believe it's important to keep that distinction in mind when making whatever decision gets made.

"The truth shall set you free, but first it will make you miserable" -- origin disputed, often (mis-)attributed to U.S. president James Garfield, who BTW came up with an original proof of the Pythagorean theorem