develooper Front page | perl.perl5.porters | Postings from August 2016

Re: [perl #128800] broken in Perl 5.24.1 rc2

Thread Previous | Thread Next
August 1, 2016 17:15
Re: [perl #128800] broken in Perl 5.24.1 rc2
Message ID:
Chris Travers wrote:
>Please fix it properly or not at all.  This idea of mostly supporting
>. in the INC but not really is going to cause a lot of people a LOT of

We *are* going to fix it properly: we're heading in the direction of
not having the implicit . in @INC at all.  Expect 5.26 to have at least
a big step in that direction.  The problem is that that's quite a big
break in compatibility, which we can't impose straight away.  Being a
core change, it also won't help the many programs that run on older
perl versions.  So in the short term we need some fixes that address the
really problematic cases without entirely dishonouring . in @INC, and even
in the long term we need some fixes that don't require the core change.

The changes that you're seeing now are those expedient fixes.  Yes,
they're not as good as the proper core change, but they're the best that's
possible to deal with this difficult situation.  They're the result
of a balancing act which the security list spent weeks thrashing out.
One of the two classes of immediate change is that code implementing
optional module loads won't honour . in @INC.  This is quite intrusive
to that code, and does cause problems, but really is the least bad thing
we can do to address the serious security problem. is especially problematic, because it gets used a lot more than
most optional module loading code, and especially because, due to its
poor design, it mostly gets used for module loads that are not intended
to be optional.  We know that this cost arises from the security fix,
and we chose to accept it.  It is still less disruptive than an immediate
total removal of . from @INC would be.

To avoid these problems, you should use instead of


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About