Skip Menu |

This queue is for tickets about the Test-MockObject CPAN distribution.

Report information
The Basics
Id: 17934
Status: resolved
Worked: 40 min
Priority: 0/
Queue: Test-MockObject
People
Owner: chromatic [...] cpan.org
Requestors: mramberg [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 1.02
Fixed in: (no value)

History Show all quoted text
  Thu Mar 02 08:18:58 2006 mramberg [...] cpan.org - Ticket created
Subject: Test::Mockobject tests for signatures even if I asked cpanplus not to
If you want to test signatures explicitly in the test suite, please make it an ENV variable, the test fails now with module::signature installed and no GPG.
  Sat Mar 04 18:32:58 2006 chromatic [...] cpan.org - Correspondence added 10 min
I'm afraid I don't see the point of expecting users to know and to set an environment variable before being able to test that the distribution is as I intended it to be when I signed it. Looking at the build process for Module::Signature, I think it's clear that it expects you to have a GPG-workalike installed as a prerequisite, so I think this is a problem with that module on your system instead.
  Sat Mar 04 18:32:59 2006 The RT System itself - Status changed from 'new' to 'open'
  Sat Mar 04 18:32:59 2006 chromatic [...] cpan.org - Status changed from 'open' to 'resolved'
  Sat Mar 04 18:33:00 2006 chromatic [...] cpan.org - Given to CHROMATIC
  Sun Mar 05 09:25:49 2006 rt-cpan [...] trout.me.uk - Correspondence added
From: Matt S Trout
On Sat Mar 04 18:32:58 2006, CHROMATIC wrote: Show quoted text
> I'm afraid I don't see the point of expecting users to know and to set > an environment variable before being able to test that the distribution > is as I intended it to be when I signed it.
Because verifying the signature of a distribution is an external operation; if the distribution has been corrupted/affected by a malefactor then said malefactor could easily have messed with the test. CPAN and CPANPLUS are both capable of checking signatures themselves - I don't see the point of expecting users to know that your distribution considers itself special and effectively bypasses their chosen configuration options on their package installation tool. Maybe you could detect whether you're running under CPAN(PLUS) and only run this test if not; if you can't find a way to do that effectively then the test should be disabled or removed. Show quoted text
> Looking at the build process for Module::Signature, I think it's clear > that it expects you to have a GPG-workalike installed as a prerequisite, > so I think this is a problem with that module on your system instead.
If it'll happily install without a suitable external program to use, then yes that's an issue of Module::Signature. It doesn't stop Test::Mockobject's behaviour being decidedly silly.
  Sun Mar 05 09:25:50 2006 The RT System itself - Status changed from 'resolved' to 'open'
  Sat Mar 18 22:58:32 2006 chromatic [...] cpan.org - Correspondence added 30 min
I raised the issue on the Perl QA list and the consensus there is that you're right. Version 1.04, released this afternoon, does not run any of the three developer tests by default.
  Sat Mar 18 22:58:33 2006 chromatic [...] cpan.org - Status changed from 'open' to 'resolved'