in reply to Re: Re: Re: Re: Re: <rant>CPAN modules failing to check for write errors</rant>
in thread <rant>CPAN modules failing to check for write errors</rant>
CPAN is for sharing, not for perfection
Of course, and who said anything about perfection - if you've read my posts here, I've never demanded perfection. Software always has, and always will, contain bugs (Apart from TeX, supposedly :)
But CPAN is one of our most important plus points - perl without CPAN would be far less attractive. I've checked inside a few modules and have been a bit alarmed by some of them.
Have you ever just installed something with CPANPLUS and gone with it? If not, I'll respectfully suggest you're probably in a minority. If, as you seem to suggest, CPAN authors can do what they want, is it ok to release a module containing a few system rm -rf calls in it? An extreme example, but little or no error checking can create real problems that are tricky to track down and may not become apparent until much later.
This draconian sense of entitlement that you have is really repulsive and won't convince anyone
Well that's IYHO - what draconian sense of entitlement exactly? Have you really read what I'm saying?
I'm hardly being draconian by stating that it would be a good idea if CPAN authors always thought about error checking before releasing a module. That's good for everyone (ok, nearly everyone - I'm not attempting to be a spokesperson for anyone but myself), not just me, isn't it?
I'm not arguing to prevent authors from posting code to CPAN, but maybe code should go through a basic audit (security, error checking etc.) of some kind before reaching CPAN.
If the argument is that anything can, and should go onto CPAN, then maybe ratings need to be expanded to include security and error checking ratings - with the author always being given time to correct any problems before ratings are made public. That's the way a lot of commercial security issues are handled - maybe something similar could be introduced.
Ok you don't like what I'm saying - that's fine. Please post your view instead - not a one liner if possible, but a more detailed discussion. I'm happy to try to understand where you're coming from, and based on that I'm open to modifying my own viewpoint - I really *don't* have fixed views on this, but what I'm saying *is* based off using code in production environments.
Thanks