PerlMonks
Re^3: cpan/cpanm integrity and authenticity checks concerns
by eyepopslikeamosquito (Archbishop) on Jul 13, 2021 at 02:18 UTC
I agree. This seems to be a hard problem, and broader than Perl's CPAN. PyPI, RubyGems, and npm, for example, all face similar problems:
It might be interesting to compare (and learn from) the security approaches taken by each of these similar mature open source repositories.

Update (2023)

> I'm not (yet) making heavy use of cpan or cpanm tools, and I'm still getting used to them

In case it helps, a detailed example of installing modules from CPAN securely on Linux, using cpan and cpanm, can now be found here. Thanks to your question, I now keep a long list of Security References (don't want to disappoint the LanX ;-):