Skip Menu |

This queue is for tickets about the GD-SecurityImage-AC CPAN distribution.

Report information
The Basics
Id: 30313
Status: resolved
Worked: 2 hours (120 min)
Priority: 0/
Queue: GD-SecurityImage-AC
People
Owner: Nobody in particular
Requestors: SNOWHARE [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Critical
Broken in: (no value)
Fixed in: (no value)
Attachments
GD-SecurityImage-AC-1.11.tar.gz

History Show all quoted text
  Sun Oct 28 08:43:30 2007 SNOWHARE [...] cpan.org - Ticket created
Subject: Fixes for taint, locking failures and other issues
The modules has severely broken locking that results in a corrupt list of CAPTCHA images under load. Additionally it does not work under taint. I refactored the module to fix those issues and made other significant refactoring changes. The attached tarball (that I've tentatively tagged '1.11') incorporates all these changes: = Seperated POD into .pod file = Fixed taint compatibility and added documentation note on it = Fixed locking = Removed pointless AUTOLOAD (and consequent DESTROY) subs = Replaced use of 'base' module with direct setting of @Authen::Captcha::ISA = Added build test for taint compatibility I emailed the updated module to the module owner with an explanation of what I had done, but received no reply. So I am putting in the bugtracker. ;)
Subject: GD-SecurityImage-AC-1.11.tar.gz
Download GD-SecurityImage-AC-1.11.tar.gz
application/x-gzip 8.5k

Message body not shown because it is not plain text.

  Sun Oct 28 09:09:00 2007 SNOWHARE [...] cpan.org - Correspondence added
Subject: Fixes for taint, locking failures and other issues (revised tarball to fix pod coverage test)
I found a problem in the pod coverage test with the refactored code )the methods that used to be autoloaded aren't anymore, which upset the pod coverage test since they were no longer 'hidden') so I'm uploading a new version that fixes the test.
Download GD-SecurityImage-AC-1.11.tar.gz
application/x-gzip 8.6k

Message body not shown because it is not plain text.

  Sun Oct 28 09:09:04 2007 SNOWHARE [...] cpan.org - Status changed from 'new' to 'open'
  Sun Oct 28 11:17:44 2007 burak [...] cpan.org - Correspondence added
From: BURAK [...] cpan.org
Show quoted text
> I emailed the updated module to the module owner
I didn't get anything. Probably it went into the junk mails folder. However, I don't use GD::SecurityImage::AC in any of my projects (actually I have never used it, it's just a hack), so I don't plan to fix it any time soon. And I don't plan to improve it. There are other things in my list that have a higher priority. This module is merely a drop-in replacement for Authen::Captcha. So, don't use it if it has problems. That's why the Pod has these two staments: "Do not use this module if you have any doubt." "This library is provided "AS IS" without warranty of any kind." But, you can takeover the module if you'd like to maintain it.
  Sun Oct 28 12:08:55 2007 snowhare [...] nihongo.org - Correspondence added
CC: SNOWHARE [...] cpan.org
Subject: Re: [rt.cpan.org #30313] Fixes for taint, locking failures and other issues
Date: Sun, 28 Oct 2007 09:08:35 -0700 (PDT)
To: Burak Gürsoy via RT <bug-GD-SecurityImage-AC [...] rt.cpan.org>
From: Benjamin Franz <snowhare [...] nihongo.org>
On Sun, 28 Oct 2007, Burak Gürsoy via RT wrote: Show quoted text
> > <URL: http://rt.cpan.org/Ticket/Display.html?id=30313 > >
>> I emailed the updated module to the module owner
> > I didn't get anything. Probably it went into the junk mails folder. > > However, I don't use GD::SecurityImage::AC in any of my projects > (actually I have never used it, it's just a hack), so I don't plan to > fix it any time soon. And I don't plan to improve it. There are other > things in my list that have a higher priority. This module is merely a > drop-in replacement for Authen::Captcha. So, don't use it if it has > problems. That's why the Pod has these two staments: > > "Do not use this module if you have any doubt." > > "This library is provided "AS IS" without warranty of any kind." > > But, you can takeover the module if you'd like to maintain it.
I would be willing to 'take it over'. Although, right now, if you could just 'upload' my revised 1.11 tarball to CPAN, that addresses all the issues I am aware of. If you look on the RT page, I uploaded two tarballs. The one dated Sun Oct 28 09:09:01 2007 is the good one and should be ready to go live. That would probably get everyone using it to a 'good place' since it fixes the bad locks, makes it taint compatible and refactors the code somewhat. If you would prefer I just take ownership of it instead, just transfer it to my CPAN id: SNOWHARE -- Benjamin Franz "It is moronic to predict without first establishing an error rate for a prediction and keeping track of one’s past record of accuracy." -- Nassim Nicholas Taleb, Fooled By Randomness
  Sun Oct 28 13:45:36 2007 burak [...] cpan.org - Correspondence added
Show quoted text
> If you would prefer I just take ownership of it instead, just
transfer it Show quoted text
> to my CPAN id: SNOWHARE >
It'a all yours now :) Your changes look good. However, I suggest this change in Makefile.PL (I did it but forgot to release): ABSTRACT => 'A drop-in replacement for Authen::Captcha',
  Fri May 09 11:04:37 2008 SNOWHARE [...] cpan.org - Correspondence added 120 min
Resolved as part of 1.11 release
  Fri May 09 11:04:42 2008 SNOWHARE [...] cpan.org - Status changed from 'open' to 'resolved'