Except, the client is paranoid and won't let this machine talk to the "Big Bad Outside World". Only my machine is allowed to talk to it from outside their DMZ.
As a security advocate, I wouldn't call the person paranoid. Yes, too much security, and you can't get anything done. But it is common place to have production machines, if that is what this is, to do very VERY specific things. I'm sorry it sounds like I'm jumping down your throat, but I am asking people who read what you wrote and think of some of the consequences of not DMZing.

webservers normally have connections only comming in from a certain set of ips, if yer doing nat, or a load balancer, this may be small. If the device is just packet forwarding, it's huge! The connections going out from the same server would normally be really small, since as a web server, its duty is to serve pages, not to be a resource to access other foreign resources.

That being said, anything going onto the machine, normally is verified as the required set of changes for auditing and quality purposes. If one day, CPAN was hacked, as public repositories have had happen, and you tried to use it, that new machine will have, "bad code".

If you package you modules, and it went down a pipe to get to production, directly from dev or through QA, 1) The code you downloaded has had a justation period for like people to download the code and say, "HOLY CRAP!", 2) What everyone has validated and audited that is going into production, really is just that. No suprise upgrades.

Easiest suggestion I can recommend, have a target that is, "pristine." Install a tool like tripwire and run it against the pristine target. Now run CPAN. Run a tripwire report to see what has changed. That will be your list of things to export.

A nicer way would be to have two copies of production on a dev box, then run cpan targetting one. Do a diff. Enjoy! :)

Both solutions would work even if you weren't using CPAN and can't easily figure out the differences for modules, configuration files, beer.. stuff.. yeah.

In reply to Re: Creating a Bundle:: with all deps? by exussum0
in thread Creating a Bundle:: with all deps? by dragonchild

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.