As many of you saw, a rather spirited exchange appeared this morning in CB discussing, among other things, the merits of using CPAN modules versus rolling your own. Near the end of the discussion, one of the participants said something to the effect of "I don't trust code that I haven't written because I don't know what it's doing to my system."

I know many of you, like me, have heard similar remarks from many sources, including (generously) inexperienced members of our community, programmers, security admins, managers, clients, and so on.

Please *don't* fall into this trap.

You may be the hottest programmer ever to come down the pike, but it's pretty unlikely that you can:

• Rewrite a module like CGI.pm in the same amount of time it takes to download it, install it, and print the source.
• Test highly rated open source modules as completely and broadly as the rest of the community in total.
• Assemble the testing and validation resources already in place for CPAN.
• Write a version 1.0 replacement as fully featured as the existing materials on CPAN.
• Code around every loophole or pitfall that's gone into the evolution of the existing work.
• Can accurately refute the knowledge and wisdom of the senior members of the community when debating the merits of said module(s).
• Present many arguments said members haven't already heard, discussed, and discarded.
• Reinvent said wheels and still have time left to accomplish your project's original goals.
• Design, develop, debug, and deploy a new variation more cheaply than CPAN modules. (They're free, folks. C'mon!)

In short, beware false hubris ("*exaggerated* pride or self-confidence").

--f

P.S. In the case of CPAN, if you really want to know what the code is "doing to your system," then read the source. If you don't understand what's going on, then that's a signal that you may need to work on your understanding of the system, the language, and the tools involved.

P.P.S. If you're really confused about something going on in a CPAN module, post a node asking for clarification about the construct you're unclear on. Or email the author. Whichever fits.

Don't simply blow it off because you didn't write it. That's simply asking for trouble. Remember, you're supposed to break the rules...but only after you understand them and why they're there.