Lots of CPAN authors are too cautious with their warnings about "Oooh! Not for production!" I don't always believe them.

Hrmph. Well I guess you don't complain when such a module blows up in your face either? This is really a strange issue, on the one hand people complain that there's no quality control on CPAN and there's lots of crap floating about. On the one hand users will just cheerfully ignore strong warnings by module authors (who after all should know best how production-ready their modules are), blithely use unsuitable code and recommend this usage to others. Just because you're given the rope doesn't mean you should hang yourself.

In this particular case we're talking about a security measure designed to protect a pretty sensitive piece of data. If somebody happens to steal this data and use it for nefarious porpoises and the clients (or their attorneys) then ask the site owner how he secured it, it isn't going to look too great if he answers "I used this alpha software, the author recommended I shouldn't use it, but I didn't believe him", is it?

I'm not saying such a warning should always prevent usage of a module in every case. If you've looked at the module in detail, analysed the code and found it matching your own standards then more power to you. But it doesn't sound like either you or I have done that, and recommending a development release for a security-critical application without such an analysis seems a trifle daring, don't you think?


There are ten types of people: those that understand binary and those that don't.