Skip Menu |

This queue is for tickets about the ExtUtils-BundleMaker CPAN distribution.

Report information
The Basics
Id: 95480
Status: open
Priority: 0/
Queue: ExtUtils-BundleMaker
People
Owner: Nobody in particular
Requestors: ether [...] cpan.org
Cc: dagolden [...] cpan.org
LEONT [...] cpan.org
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Thu May 08 18:24:52 2014 ether [...] cpan.org - Ticket created
Subject: Uses File::Slurp, known to be buggy and vulnerable
e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be dismayed Path::Slurp::Tiny and Path::Tiny are both excellent alternatives.
  Sun May 11 03:22:08 2014 REHSACK [...] cpan.org - Cc DAGOLDEN added
  Sun May 11 03:22:08 2014 REHSACK [...] cpan.org - Cc LEONT added
  Sun May 11 03:27:48 2014 REHSACK [...] cpan.org - Correspondence added
Supposably the correct strategy to bundle different distributions is to create individual distribution sub-dirs. So File::Slurp might be replaced by a code relying on File::Copy instead like inc::latest. @David/Leon: Can inc::latest be distributed separately from Module::Build?
  Sun May 11 03:27:49 2014 The RT System itself - Status changed from 'new' to 'open'
  Sun May 11 19:26:22 2014 dagolden [...] cpan.org - Correspondence added
I suppose inc::latest could be split out, but I'm unlikely to find the tuits to do so. Personally, I don't think File::Slurp is likely to be a problem for this usage, so I consider this a very low-priority issue. David
  Sun May 11 19:27:20 2014 fawaka [...] gmail.com - Correspondence added
CC: Karen Etheridge <ether [...] cpan.org>, David Golden <dagolden [...] cpan.org>
Subject: Re: [rt.cpan.org #95480] Uses File::Slurp, known to be buggy and vulnerable
Date: Mon, 12 May 2014 01:26:51 +0200
To: bug-ExtUtils-BundleMaker [...] rt.cpan.org
From: Leon Timmermans <fawaka [...] gmail.com>
On Sun, May 11, 2014 at 9:27 AM, Jens Rehsack via RT < bug-ExtUtils-BundleMaker@rt.cpan.org> wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=95480 > > > Supposably the correct strategy to bundle different distributions is to > create individual distribution sub-dirs. So File::Slurp might be replaced > by a code relying on File::Copy instead like inc::latest. > > @David/Leon: Can inc::latest be distributed separately from Module::Build? >
It could be split, and I do think that's a good idea in principle. It could use some loving before doing that though. Leon
  Mon May 12 13:31:10 2014 ether [...] cpan.org - Correspondence added
On 2014-05-08 15:24:52, ETHER wrote: Show quoted text
> e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be > dismayed > > Path::Slurp::Tiny and Path::Tiny are both excellent alternatives.
oops s/Path::Slurp::Tiny/File::Slurp::Tiny/ sorry