Skip Menu |

This queue is for tickets about the CPAN-Unwind CPAN distribution.

Report information
The Basics
Id: 11867
Status: resolved
Priority: 0/
Queue: CPAN-Unwind
People
Owner: Nobody in particular
Requestors: adamk [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Mon Mar 14 07:35:20 2005 adamk [...] cpan.org - Ticket created
"dependend" is spelled wrong. I think you mean dependent. In addition, regarding "SECURITY NOTE: CPAN::Unwind runs all Makefile.PL files (via Module::Depends::Intrusive) of modules it finds dependencies on. If you are concerned that any module in the dependency tree" How is the user supposed to know that they are concerned about a module in the dependency tree, when the entire purpose of the module is to create the dependency tree. By the time they can tell, it is too late.
  Tue Mar 15 13:30:55 2005 MSCHILLI [...] cpan.org - Correspondence added
Subject: CPAN::Unwind
[ADAMK - Mon Mar 14 07:35:20 2005]: Show quoted text
> "dependend" is spelled wrong.
Fixed in 0.02, thx. Show quoted text
> In addition, regarding "SECURITY NOTE: CPAN::Unwind runs all Makefile.PL > files (via Module::Depends::Intrusive) of modules it finds dependencies > on. If you are concerned that any module in the dependency tree" > > How is the user supposed to know that they are concerned about a module > in the dependency tree, when the entire purpose of the module is to > create the dependency tree. By the time they can tell, it is too late.
Correct. It amounts to: If you don't trust all of CPAN's Makefile.PLs, don't use CPAN::Unwind. Sounds scary, but it's no different from setting the CPAN shell to "follow" dependencies instead of "ask". Thanks for your comments, they're definitely appreciated. -- Mike
  Tue Mar 15 13:32:03 2005 MSCHILLI [...] cpan.org - Status changed from 'new' to 'resolved'