I don't see any benefits to having an all-controlled CPAN
site. What would be the point? And of course, it's
currently possible to upload buggy or trojaned modules. Remember
that PAUSE/CPAN lets anyone upload anything. The only rule
CPAN has is that uploaded source code must be freely distributable.
That's it. There's no "seal of quality" slapped on anything
uploaded to CPAN.
Uploading and distributing software over the internet is old.
Older than Perl itself. Remember that perl1 was distributed
in comp.sources, which was actively being archived.
Tell me, what would be the advantages of an all-controlling
CPAN site?
Abigail | [reply] |
Tell me, what would be the advantages of an all-controlling CPAN site?
A quality-control mechanism of some kind. Whether this is through authorized people reviewing the source code of modules or through some sort of module or author voting/ranking system. I'm aware CPAN isn't currently doing this, and it would involve a very large amount of work, but I believe it would prove advantageous.
Think of the current situation: do you conduct testing and thorough code reviews of every CPAN module you use? I do because I'm required to (and trust me, it sucks). This is a rather major problem facing large businesses wanting to use Perl. If you're wondering, oddly enough, my company's policy does not require I do this for core modules.
| [reply] |
I don't see a relation between a centrally controlled CPAN
site, and a quality control mechanism. You can now start a
quality control mechanism, and for that, you do not need to
modify how CPAN works. OTOH, turning CPAN into an all-controlling
site doesn't make quality control happen.
Well, I don't think it's odd for large businesses to do some
testing on random pieces of code downloaded from
the internet before using them in their programs. In fact,
I would find it odd for a business *not* to do so. Regardless
whether that piece of code was written in Perl, C, Java or
vi macros. Core modules are part of the main distribution,
and those have been through the hands of p5p - who has a proven
track record of producing good code. But Joe Random Hacker
does not.
Abigail
| [reply] |