Re: Perl 'executable'

You could look at it the other way. When it's deployed as a binary, no one really can be sure what it is doing, without extensive effort. Whereas a conventional script can be easily scanned, to see what it is doing.

If you want some security with a script, just have it's permissions and ownership set, and maybe do some cryptographic fingerprinting of it.

I would be very suspicious of any binary I was asked to run, unless I compiled it myself.

I'm not really a human, but I play one on earth.
Old Perl Programmer Haiku ................... flash japh

Comment on Re: Perl 'executable'

Replies are listed 'Best First'.
Re^2: Perl 'executable' by Xilman (Hermit) on Oct 22, 2010 at 13:32 UTC
"I would be very suspicious of any binary I was asked to run, unless I compiled it myself." Really? I guess you must be running Gentoo then, and even then bootstrapped your own compiler from hand-written assembler in order to get the initial gcc working from code you trust. There are times when you just have to trust a binary whether you like it or not. Reflections on Trusting Trust has a valuable take on the issue. Paul	[reply]
Re^3: Perl 'executable' by zentara (Cardinal) on Oct 22, 2010 at 13:58 UTC
I agree, but there are certain tradeoffs in trust. I do keep a watch over the software than comes in precompiled form. I make a distinction in trust levels. I would be more likely to trust a binary that comes from a prebuilt distribution, like Ubuntu; than from some perl hacker who claims he/she dosn't want me to see what the script does. There is just an obvious difference there in threat level. At least the distributions make their source packages available. Will the perl hacker make his uncompiled source script available to me? I'm not really a human, but I play one on earth. Old Perl Programmer Haiku ................... flash japh	[reply]