develooper Front page | perl.perl6.language | Postings from February 2001

Re: Auto-install (was autoloaded...)

Thread Previous | Thread Next
Michael G Schwern
February 8, 2001 06:23
Re: Auto-install (was autoloaded...)
Message ID:
On Thu, Feb 08, 2001 at 12:07:18PM -0200, Branden wrote:
> The issue is actually not auto-downloading modules and their prerequisites,
> but actually packaging several scripts and modules in one file, so as Java's
> jar do. I think supporting this would be neat.

I thought about making a "par" utility.  It would basically do this:

        # for each module needed...
        perl Makefile.PL PREFIX=foo LIB=foo/lib
        make test
        make install

Then you just stick your program into foo/bin or something and tar it
all up and ship it off.  The "pun" utility (I couldn't resist) then
untars the thing and runs "perl -Ifoo/lib foo/bin/whatever.plx".

Any obvious flaws?  Poke me enough and I'll get around to doing it.

> As to the question of security, if you download a script on a site that says
> it does XYZ and you actually trust the script does XYZ (trust in the sense
> that you *believe* it), I don't see why wouldn't you trust that the script
> would load modules that aren't harmful, either from CPAN or from another
> place.

Download Memoize from CPAN sometime and install it.  Make sure you're
sitting down.  All it takes is one joker, or one person to have a bad
day, or get a little too drunk one night near a computer.

We *can* automate security auditing of CPAN.  I know it can be done
because I've seen it done on smaller scales and it will happen.  If
you missed it, look at the CPANTS synopsis

Its vapor yet, but its all within the realm of "solved problems".


Michael G. Schwern   <>
BOFH excuse #301:

appears to be a Slow/Narrow SCSI-0 Interface problem

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About