Skip Menu |

This queue is for tickets about the CPAN CPAN distribution.

Report information
The Basics
Id: 69694
Status: resolved
Priority: 0/
Queue: CPAN
People
Owner: Nobody in particular
Requestors: SREZIC [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Critical
Broken in: 1.9600
Fixed in: 2.27

History Show all quoted text
  Fri Jul 22 11:09:19 2011 SREZIC [...] cpan.org - Ticket created
Subject: "upgrade" is dangerous
The "upgrade" command may install outdated distributions. This usually can happen if modules vanish from distributions (which happens quite often nowadays). A user who runs "upgrade" could see output like this: ... CHI 0.47 0.49 JSWARTZ/CHI-0.49.tar.gz CHI::Serializer::JSON undef 0.43 JSWARTZ/CHI-0.43.tar.gz CHI::Test::Class undef 0.39 JSWARTZ/CHI-0.39.tar.gz ... I assume that CPAN.pm would install the distributions in order, so it would install the newest 0.49, than the older 0.43, and then the even older 0.39. So a user would get a quite old CHI distribution, and it could happen that distributions depending on a newer version are broken now. The "autobundle" command has a similar problem --- such a bundle must not be reinstalled without removing the "dangerous" old distributions. I have a script which uses some heuristics to find such dangerous distributions: https://github.com/eserte/cpan-testers-parallelsmoker/blob/master/utils/find_dangerous_cpan_distributions.pl But I don't know what's the right approach to fix this. A possibility would be that CPAN.pm includes similar code like in find_dangerous_cpan_distributions. Or "dangerous" distributions could be removed from the PAUSE index. Regards, Slaven
  Fri Jul 22 11:29:10 2011 rafl [...] debian.org - Correspondence added
Subject: Re: [rt.cpan.org #69694] "upgrade" is dangerous
Date: Fri, 22 Jul 2011 17:29:23 +0200
To: bug-CPAN [...] rt.cpan.org
From: Florian Ragwitz <rafl [...] debian.org>
"Slaven_Rezic via RT" <bug-CPAN@rt.cpan.org> writes: Show quoted text
> The "upgrade" command may install outdated distributions. This usually > can happen if modules vanish from distributions (which happens quite > often nowadays).
FWIW, cpan-outdated, from the App::cpanoutdated distribution, which was initially extracted from CPAN.pm's "r" command, doesn't have this problem. Porting changes back from there to CPAN might just solve this issue.
Download (untitled)
application/pgp-signature 197b

Message body not shown because it is not plain text.

  Fri Jul 22 11:29:12 2011 The RT System itself - Status changed from 'new' to 'open'
  Mon Jun 10 05:23:03 2019 ANDK [...] cpan.org - Correspondence added
This will be fixed in 2.27 (currently available as ANDK/CPAN-2.27-TRIAL2.tar.gz) by offering the option allow_installing_outdated_dists=... Thanks a lot for writing this issue. Setting status to 'patched' until 2.27 is released as stable version.
  Mon Jun 10 05:23:04 2019 ANDK [...] cpan.org - Status changed from 'open' to 'patched'
  Thu Jul 04 01:45:12 2019 ANDK [...] cpan.org - Correspondence added
Fixed in 2.27. Thanks again,
  Thu Jul 04 01:45:13 2019 ANDK [...] cpan.org - Status changed from 'patched' to 'resolved'
  Thu Jul 04 01:45:14 2019 ANDK [...] cpan.org - Fixed in 2.27 added