Front page | perl.perl6.language |
Postings from February 2001
Michael G Schwern wrote: > > Oddly enough, Perl does handle this... mostly. The CPAN shell can > automatically download and install prerequisites for modules, provided > the module explicitly declares the prereqs. Class::DBI ultimately > needs something like 9 other CPAN modules, which would be a nightmare > but for this feature. > The issue is actually not auto-downloading modules and their prerequisites, but actually packaging several scripts and modules in one file, so as Java's jar do. I think supporting this would be neat. As to the question of security, if you download a script on a site that says it does XYZ and you actually trust the script does XYZ (trust in the sense that you *believe* it), I don't see why wouldn't you trust that the script would load modules that aren't harmful, either from CPAN or from another place. And having to see the code before installing is not a proof of security at all, since Perl is the king of obfuscating languages and (I expect) Perl 6 will be able to distribute code in byte-code form. So I don't actually see how auto-loading of modules from Internet is so much more untrustful than manual-loading of the same modules from Internet, if they are pretty obfuscated or are in byte-code form. Only a sandbox or something like that can assure security in either case. - BrandenThread Previous | Thread Next