Bug #102852 for Shipwright: Uses File::Slurp, known to be buggy and vulnerable

Tue Mar 17 20:47:36 2015 ether [...] cpan.org - Ticket created

Subject:

Uses File::Slurp, known to be buggy and vulnerable

e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be dismayed File::Slurp::Tiny and Path::Tiny are both excellent alternatives. See also http://shadow.cat/blog/matt-s-trout/mstpan-5/

Tue Mar 24 03:22:56 2015 sunnavy [...] gmail.com - Correspondence added

Hi Ether FYI, we use File::Slurp to read/write simple config files, which are nearly all ascii texts, and I never get a bug report of broken Shipwright because of File::Slurp. I also read the discussion ticket of File::Slurp, the concern is most related to encoding layer stuff, which I believe we don't need to worry about at all here. If you find a way that File::Slurp could break Shipwright somehow, I'll be happy to consider replacing it, thanks! Regards sunnavy On Tue Mar 17 20:47:36 2015, ETHER wrote: Show quoted text

> e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be > dismayed > > File::Slurp::Tiny and Path::Tiny are both excellent alternatives. See > also http://shadow.cat/blog/matt-s-trout/mstpan-5/

Tue Mar 24 03:22:57 2015 The RT System itself - Status changed from 'new' to 'open'

Tue Mar 31 12:02:12 2015 rt-cpan [...] trout.me.uk - Correspondence added

On Tue Mar 24 03:22:56 2015, SUNNAVY wrote: Show quoted text

> Hi Ether > > FYI, we use File::Slurp to read/write simple config files, which are > nearly all ascii texts, and I never get a bug report of broken > Shipwright because of File::Slurp.

Honestly ... the others have saner APIs and maintainers with a solid grasp of the perl I/O related internals (better than mine, certainly), whereas File::Slurp is kept limping along by a volunteer maintainer to avoid screwing over its remaining users. This change is, as such, not necessarily urgent, but probably worth making next time you touch that area of the code *anyway*