Skip Menu |

This queue is for tickets about the CPAN-Unwind CPAN distribution.

Report information
The Basics
Id: 28595
Status: open
Priority: 0/
Queue: CPAN-Unwind
People
Owner: Nobody in particular
Requestors: SREZIC [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Wishlist
Broken in: 0.05
Fixed in: (no value)

History Show all quoted text
  Tue Jul 31 16:43:33 2007 SREZIC [...] cpan.org - Ticket created
Subject: Alternatively use META.yml?
I wonder if CPAN::Unwind could (alternatively) use META.yml to get the dependency information. While not (yet) authoritative, this could solve the security problem you mentioned in the Pod. Regards, Slaven
  Mon May 02 00:27:11 2011 blue [...] thisisnotmyrealemail.com - Correspondence added
From: blue [...] thisisnotmyrealemail.com
On Tue Jul 31 16:43:33 2007, SREZIC wrote: Show quoted text
> I wonder if CPAN::Unwind could (alternatively) use META.yml to get the > dependency information. While not (yet) authoritative, this could solve > the security problem you mentioned in the Pod. > > Regards, > Slaven
agreed, especially since there is an official api to retrieve the Meta info without having to fetch the distribution and munge around in the files: http://search.cpan.org/meta/CPAN-Unwind/META.json
  Mon May 02 00:27:12 2011 The RT System itself - Status changed from 'new' to 'open'
  Mon May 02 11:03:34 2011 MSCHILLI [...] cpan.org - Correspondence added
On Tue Jul 31 16:43:33 2007, SREZIC wrote: Show quoted text
> I wonder if CPAN::Unwind could (alternatively) use META.yml to get the > dependency information. While not (yet) authoritative, this could solve > the security problem you mentioned in the Pod.
Actually, I wrote CPAN::Unwind to especially cover cases where META.yml is missing or incorrect. But adding a non-intrusive mode and using the CPAN API sounds like a good idea, I'll get on it.