Skip Menu |

This queue is for tickets about the Perl-Dist-Strawberry CPAN distribution.

Report information
The Basics
Id: 95482
Status: open
Priority: 0/
Queue: Perl-Dist-Strawberry
People
Owner: Nobody in particular
Requestors: ether [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Thu May 08 18:28:14 2014 ether [...] cpan.org - Ticket created
Subject: Uses File::Slurp, known to be buggy and vulnerable
e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be dismayed Path::Slurp::Tiny and Path::Tiny are both excellent alternatives.
  Mon May 12 13:30:59 2014 ether [...] cpan.org - Correspondence added
On 2014-05-08 15:28:14, ETHER wrote: Show quoted text
> e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be > dismayed > > Path::Slurp::Tiny and Path::Tiny are both excellent alternatives.
oops s/Path::Slurp::Tiny/File::Slurp::Tiny/ sorry
  Thu May 15 09:53:27 2014 csjewell [...] cpan.org - Correspondence added
On Mon May 12 13:30:59 2014, ETHER wrote: Show quoted text
> On 2014-05-08 15:28:14, ETHER wrote:
> > e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be > > dismayed > > > > Path::Slurp::Tiny and Path::Tiny are both excellent alternatives.
> > > oops s/Path::Slurp::Tiny/File::Slurp::Tiny/ sorry
And since the current version of Perl::Dist::Strawberry is not using any encoding settings in perl code other than :raw, (I just checked with a grep) #83126 is of no consequence to us. If there are any other bugs that ARE, make a case as to why we're hitting them.
  Thu May 15 09:53:28 2014 The RT System itself - Status changed from 'new' to 'open'
  Thu May 15 14:00:25 2014 rt-cpan [...] trout.me.uk - Correspondence added
On Thu May 15 09:53:27 2014, CSJEWELL wrote: Show quoted text
> And since the current version of Perl::Dist::Strawberry is not using > any encoding settings in perl code other than :raw, (I just checked > with a grep) #83126 is of no consequence to us. If there are any other > bugs that ARE, make a case as to why we're hitting them.
This is also a cleanup/modernisation pass. File::Slurp is old code with scary corners because of its ancient origins and subsequent adoption. While I'm grateful to Uri for continuing to maintain it at all, it's time to let it die the quiet death of old age that it's earned.
  Thu May 15 16:42:44 2014 kmx [...] volny.cz - Correspondence added
Subject: Re: [rt.cpan.org #95482] Uses File::Slurp, known to be buggy and vulnerable
Date: Thu, 15 May 2014 22:40:56 +0200
To: bug-Perl-Dist-Strawberry [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
The fact is that we hadn't any trouble or negative experience with read_file, write_file, append_file from File::Slurp On the other hand it is good to know about alternatives but at least in short term we will stay with File::Slurp -- kmx
  Fri May 16 12:43:12 2014 rt-cpan [...] trout.me.uk - Correspondence added
On Thu May 15 16:42:44 2014, kmx@volny.cz wrote: Show quoted text
> The fact is that we hadn't any trouble or negative experience with > read_file, write_file, append_file from File::Slurp
Yet. Show quoted text
> On the other hand it is good to know about alternatives but at least in > short term we will stay with File::Slurp
Would you be willing to trial a patch?