First of all, there's no point for Perl to always check the signature of a module when loading the module. If you are unwilling to trust what is on your local disk, you should not trust perl itself either. And if you cannot trust perl, why trust whatever it checks?

However, suppose you have massaged Perl such that it will fetch modules from the internet and load them for you. (You can do that to some extent with my CPAN module The::Net). Not just source modules, but compiled modules as well. Then just signing is not enough. You signing the module doesn't give me any guarantees. I might not know you, hence the signature doesn't tell me anything, or, if I know you and have your PGP public key, I still might not trust you.

You'd need to set up a trust system. Perhaps I don't trust you, but I do trust Mr. Feeble, and Mr. Feeble has vouched for you. Then I might be willing to run your code.

Luckily, someone has already thought about this. Brian Ingerson, of Inline::C fame. Last YAPC::NA, there was a meeting on the following Saturday about peer to peer exchange of (compiled) modules. I missed it, but Brian will be at TPC and YAPC::Europe, and has promised he will have the idea more worked out by then.

-- Abigail


In reply to Re: Muse on Digital Signatures in Perl Modules by Abigail
in thread Muse on Digital Signatures in Perl Modules by John M. Dlugosz
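
The trust decision described in the post above, as an added sketch that is not part of the original post or of any CPAN module: a valid signature is only accepted when a vouching chain leads from a directly trusted signer to the module's signer. The sub names, the hop limit and the sample names other than "Mr. Feeble" are hypothetical, and the PGP verification itself is assumed to happen elsewhere and is passed in as a boolean.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: signers I trust directly, and who vouched for whom.
my %trusted = map { $_ => 1 } ('Mr. Feeble');
my %vouches = (
    'Mr. Feeble' => ['Module Author'],
    'Stranger'   => ['Another Stranger'],
);

# Breadth-first search from the directly trusted signers along vouches.
# Returns the shortest chain of names ending at $signer, or an empty list
# if no chain exists within $max_hops vouching steps.
sub trust_chain {
    my ($signer, $trusted, $vouches, $max_hops) = @_;
    my @queue = map { [$_] } sort keys %$trusted;
    my %seen  = map { $_ => 1 } keys %$trusted;
    while (my $chain = shift @queue) {
        my $last = $chain->[-1];
        return @$chain if $last eq $signer;
        next if @$chain > $max_hops;    # chain already uses all allowed hops
        for my $next (@{ $vouches->{$last} || [] }) {
            next if $seen{$next}++;     # ignore vouching cycles
            push @queue, [@$chain, $next];
        }
    }
    return;
}

# A module may be loaded only if its signature verified AND its signer is
# reachable through vouches; a valid signature alone proves nothing.
sub may_load {
    my ($sig_ok, $signer, $max_hops) = @_;
    return 0 unless $sig_ok;
    my @chain = trust_chain($signer, \%trusted, \%vouches, $max_hops);
    return @chain ? 1 : 0;
}

for my $case (
    [1, 'Module Author',    1],   # vouched for by a trusted signer
    [1, 'Another Stranger', 1],   # valid signature, but no chain to me
    [1, 'Module Author',    0],   # vouching disabled: direct trust only
    [0, 'Mr. Feeble',       1],   # trusted signer, signature failed
) {
    my ($sig_ok, $signer, $hops) = @$case;
    printf "%-17s sig_ok=%d hops=%d -> %s\n", $signer, $sig_ok, $hops,
        may_load($sig_ok, $signer, $hops) ? 'load' : 'refuse';
}
```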
