in reply to Re: Re: Re: <rant>CPAN modules failing to check for write errors</rant>
in thread <rant>CPAN modules failing to check for write errors</rant>

I agree with the last half of your comment.

But outside of that, the community as a whole has a responsibility to understand the users' needs. CPAN modules are for users; what users need is what the author should focus on. This is usually easy because the code you are working on is for your own needs, and if you need something there is a probability someone else will need it or find it useful once you are done with it.

But I think the point this post is making is: with more people using CPAN modules blindly as time goes on, what is the community's responsibility to the code on CPAN? With the recent meditations on security in CPAN modules and this, I think this whole debate can be changed slightly to: does the Perl community need to audit the offerings on CPAN occasionally? And if so, should there be a mechanism of discussion for what is found in the audit process?

Now I think that is being done, just the fact that the poster posted this shows the code gets reviewed. And the possible redresses for the situation have been stated, but I think the poster is asking for something more active from the community as a whole in general.

"No matter where you go, there you are." BB

Re: Re: Re: Re: Re: <rant>CPAN modules failing to check for write errors</rant>
by Anonymous Monk on May 29, 2004 at 18:57 UTC
    Yes - your assessment is spot on, that's what I was trying to say.

    As we now have CPAN ratings, maybe that could be extended to address user error and security concerns. Comments would have to pass through some moderation process and module authors should be given reasonable time to address such issues. If they fail to do so, then a caution should be logged against that module - this doesn't stop others from continuing to use it, but does ensure they are made aware of potential shortcomings.

    Maybe something based around that would be possible?