Peer-reviewed CPAN modules files wanted
- From: "Mumia W." <mumia.w.18.spam+nospam.usenet@xxxxxxxxxxxxx>
- Date: Mon, 21 Aug 2006 07:13:33 GMT
While reading the reviews on CPAN, I noticed an informative review of CGI::Builder. Evidently, back in 2004, CGI::Builder's Makefile.PL had backdoor code in it: http://perlmonks.org/index.pl?node_id=349737
A recently-downloaded version of the module doesn't have this code in it, so evidently the author removed it after receiving some criticism, but this points up a problem.
As well-respected as CPAN is, it seems to be perpetually "open for business," and that means that anyone can put anything they want on there, and that means that some of the module authors can get into your business.
Perhaps we need a peer-review system for CPAN. The reviews site on CPAN may be that, but I hadn't seen it because I usually look for modules in the CPAN shell.
What I would like is to be able to type this in the CPAN shell:
cpan> reviews CGI::Builder
And I would get a text page listing reviews of the module done by trustworthy people.
Domizio Demichelis, the author of CGI::Builder, is also reputed to have created a number of sockpuppets to tout his module <http://cpanratings.perl.org/user/ovid>, and so some system would have to be in place to ensure that most of the "peers" are not the module author.