File permission vulnerabilities and Module::Pluggable

Ash Berlin ash_cpan at firemirror.com
Wed Jan 21 18:45:18 GMT 2009


On 21 Jan 2009, at 12:12, David Cantrell wrote:

> On Wed, Jan 21, 2009 at 12:46:45AM +0000, Johan Lindstr?m wrote:
>> At 23:47 2009-01-20, Simon Wistow wrote:
>>> Thoughts?
>> Make it optional. But feature both the dependency and the config
>> parameter prominently in the docs. Especially in the SYNOPSIS.
>> See it as a Teachable Moment.
>
> Optional, with a warning if the feature's not available.  Make it
> possible to disable the warning with an import() parameter.

Or via:

no warnings Module::Pluggable::XXXXX;

http://search.cpan.org/perldoc?warnings::register


>
>
> The warning should point at the line of code where Module::Pluggable  
> is
> being loaded, so that the user knows exactly where to turn it off.
>
> For extra evil and getting the word out to any authors who depend on
> your module but don't themselves have the most recent version, die()
> when the warning isn't turned off, and the extra feature isn't
> available, and it's not just your test suite being run, and
> AUTOMATED_TESTING is set in the environment :-)
>
> -- 
> David Cantrell | Minister for Arbitrary Justice
>
> You can't spell AWESOME without ME!



More information about the london.pm mailing list