use lib 'http://perlmonks.org/perllib';

Rudif has asked for the wisdom of the Perl Monks concerning the following question:

Hi fellow monks

Assume for the moment that there is a perllib subdirectory at the Monastery site, containing some cool perl modules. I ask you: What would it take to hack the Perl code so that it would fetch a module indifferently from a local disk or from a website? What security issues would this raise? Would the Perl tainting suffice to protect the inocent against rogue modules (on some less trusted website)? Would this be of any use? Was this already proposed? Tried?

Rudif

Comment on use lib 'http://perlmonks.org/perllib';

Replies are listed 'Best First'.
RE: use lib 'http://perlmonks.org/perllib'; by cianoz (Friar) on Sep 16, 2000 at 18:13 UTC
Really a bad idea IMHO, it involves a lot of security/reliability/who knows what else issues look at CPAN.pm for a clever way to distribute modules.	[reply]
Re: use lib 'http://perlmonks.org/perllib'; by merlyn (Sage) on Sep 16, 2000 at 21:54 UTC
You could take the code of Autouse to have an @HTTP_LIB to fetch stuff remotely to bring in. However, caching it locally is surely a security hole. You might take a tactic like Inline to create a per-user cache. -- Randal L. Schwartz, Perl hacker	[reply]
RE: Re: use lib 'http://perlmonks.org/perllib'; by Rudif (Hermit) on Sep 16, 2000 at 22:59 UTC
Inline looks interesting. Does it live up to what it promises? Rudif	[reply]
Inline.pm (Re: use lib 'http://perlmonks.org/perllib';) by tye (Sage) on Sep 17, 2000 at 09:02 UTC
One big (for some) problem with Inline.pm is that it requires a working XS system. I really think this is the right way to do things, but it means that Inline won't work unless MakeMaker is working and you have a C compiler. If you compiled your own copy of Perl (as intended), then this should be no problem for you and Inline appears to kick arse (for one thing, I can tell just from reading the documentation that the authors knew what they were doing). But there is a huge audience of Perl users who don't necessarilly have a C compiler and, even if they do, they have to do extra work to get MakeMaker working. These are people who download binary Perl distributions for platforms with poor standardization. Most notably, Win32 users are unlikely to be able to use Inline.pm. - tye (but my friends call me "Tye")	[reply]
RE: Inline.pm (Re: use lib 'http://perlmonks.org/perllib';) by extremely (Priest) on Sep 18, 2000 at 00:32 UTC
Inline.pm for making modules (Re: use lib 'http://perlmonks.org/perllib';) by tye (Sage) on Sep 18, 2000 at 02:01 UTC
RE: Inline.pm (Re: use lib 'http://perlmonks.org/perllib';) by merlyn (Sage) on Sep 17, 2000 at 12:46 UTC
RE: RE: Inline.pm (Re: use lib 'http://perlmonks.org/perllib';) by tye (Sage) on Sep 17, 2000 at 20:48 UTC
RE: RE: Re: use lib 'http://perlmonks.org/perllib'; by merlyn (Sage) on Sep 16, 2000 at 23:20 UTC
It passes "make test". Does it promise anything more? {grin} -- Randal L. Schwartz, Perl hacker	[reply]