develooper Front page | perl.perl5.porters | Postings from March 2014

Re: Perl 5.20.0 Blockers, 2014-03-24

Thread Previous | Thread Next
Karl Williamson
March 31, 2014 03:57
Re: Perl 5.20.0 Blockers, 2014-03-24
Message ID:
On 03/30/2014 11:38 AM, Slaven Rezic wrote:
> I suspect that every CPAN module using strtod/sprintf indirectly through
> a shared library is broken.

I think you didn't understand my previous post on this 
<>.  These modules were already broken; 
it's just that their breakage didn't surface very often prior to the 
blamed patch.

It's like the hash key order randomization change.  Most modules that 
"broke" as a result of the change were already broken.  It's just that 
their tests and typical usage didn't cause the hashes to grow enough to 
cause an hsplit(), which, when it happens, causes the key order to 
change, IIRC.  The change, besides being necessary for security reasons, 
did the maintainers a favor by exposing a problem that could 
occasionally occur in the field and would be very hard to reproduce and 

In my post on this, I show how to easily get the same breakage symptoms 
on earlier Perl releases as the blamed commit gives in 5.19.

The blamed commit is not necessary for security, so we as a project 
might decide that it's not worth fixing these bugs, and to permanently 
revert the patch, documenting the issue.  But that is very different 
from the idea that this patch "broke" modules, and I believe it's 
important to keep that distinction in mind when making whatever decision 
gets made.

"The truth shall set you free, but first it will make you miserable"
    -- origin disputed, often (mis-)attributed to U.S. president James 
  	Garfield, who BTW came up with an original proof of the Pythagorean 

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About