develooper Front page | perl.perl5.porters | Postings from August 2016

Re: Alternative Fix for dot-in-INC mechanic.

Thread Previous | Thread Next
Kent Fredric
August 24, 2016 14:18
Re: Alternative Fix for dot-in-INC mechanic.
Message ID:
On 24 August 2016 at 22:59, Todd Rinaldo <> wrote:
> The changes being made to seem to have proven to have a high risk of being an API change. This kinda makes it inappropriate for a maintenance release. Assuming we have an alternative plan for 5.24 and forward, I recommend we simply hi-light the risk of using base and NOT fix it.
> IMO, There's nothing wrong with saying "there's a risk here" and leaving it to other's to assess and mitigate the risk in their own way on legacy Perl.

I'm in agreeance.

And I also agree the "right place" to fix ". in @INC with" is
in the code that uses, not inside itself. ( and anything else that loads user defined modules passed in
as strings literally ) are essentially "proxies for require", and
should be treated as such to avoid introducing breakage in a stable

And as such, we should fix things that /use/ (and friends) to
avoid *them* being a security risk.

But changing the semantics of require and require proxies should
happen together, and happen properly when we work out how to do that
in a Major Release and work out all the kinks in whatever
implementation details we decide on.

After all, upgrades between stable point releases should be
predictable *improvements*, not predictable regressions.



Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About