develooper Front page | perl.perl6.language | Postings from February 2001

Re: Auto-install (was autoloaded...)

Thread Previous | Thread Next
February 8, 2001 06:06
Re: Auto-install (was autoloaded...)
Message ID:
Michael G Schwern wrote:
> Oddly enough, Perl does handle this... mostly.  The CPAN shell can
> automatically download and install prerequisites for modules, provided
> the module explicitly declares the prereqs.  Class::DBI ultimately
> needs something like 9 other CPAN modules, which would be a nightmare
> but for this feature.

The issue is actually not auto-downloading modules and their prerequisites,
but actually packaging several scripts and modules in one file, so as Java's
jar do. I think supporting this would be neat.

As to the question of security, if you download a script on a site that says
it does XYZ and you actually trust the script does XYZ (trust in the sense
that you *believe* it), I don't see why wouldn't you trust that the script
would load modules that aren't harmful, either from CPAN or from another

And having to see the code before installing is not a proof of security at
all, since Perl is the king of obfuscating languages and (I expect) Perl 6
will be able to distribute code in byte-code form. So I don't actually see
how auto-loading of modules from Internet is so much more untrustful than
manual-loading of the same modules from Internet, if they are pretty
obfuscated or are in byte-code form. Only a sandbox or something like that
can assure security in either case.

- Branden

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About