Subject: | MANIFEST.SKIP and 0-signature.t |
Date: | Sat, 27 Mar 2010 15:17:35 -0700 |
To: | bug-Term-ProgressBar [...] rt.cpan.org |
From: | Tatsuhiko Miyagawa <miyagawa [...] gmail.com> |
the signature testing is useless in CPAN distributions since when CPAN
clients run this test, perl Build.PL is already executed and that PL
file can do anything malicious. testing SIGNATURE in *.t (./Build
test) is too late.
That said, your distribution contains signature testing *and*
MANIFEST.SKIP, which causes issues with recent Module::Build. You have
two options:
a) remove 0-signature.t
CPAN clients when correctly configured verify the SIGNATURE *before*
running configuration tool, so this test is not necessary
b) remove MANIFEST.SKIP from the distribution
latest ExtUtils::Manifest automatically ignores MYMETA.yml which
causes this SIGNATURE mismatch, but since you have your own
MANIFEST.SKIP it doesn't work.
either of which is just so easy.
--
Tatsuhiko Miyagawa