PerlMonks  

Re^3: cpan/cpanm integrity and authenticy checks concerns

by eyepopslikeamosquito (Archbishop)
on Jul 13, 2021 at 02:18 UTC ( [id://11134945]=note )


in reply to Re^2: cpan/cpanm integrity and authenticy checks concerns
in thread cpan/cpanm integrity and authenticy checks concerns

I agree. This seems to be a hard problem, and broader than Perl's CPAN. PyPI, RubyGems, and Npm, for example, all face similar problems:

It might be interesting to compare (and learn from) the security approaches taken by each of these similar mature open source repositories.

Update (2023)

> I'm not (yet) making heavy use of cpan or cpanm tools, and I'm still getting used to them

In case it helps, a detailed example of installing modules from CPAN securely on Linux, using cpan and cpanm, can now be found here.

Thanks to your question, I now keep a long list of Security References (don't want to disappoint the LanX ;-):
