[EMAIL PROTECTED] [[EMAIL PROTECTED]] quoth: *>Hello: *>Just downloaded my first CPAN module (woo-hoo). What risks are *>associated with installing these modules? Are they checked for viruses, *>etc. before posting?
No more than with anything else you download from the net and install onto a system. Modules aren't audited upon upload but an MD5 checksum is generated which you can use either manually or with CPAN.pm to verify the validity of the distribution but, again, this isn't a foolproof guarantee of secure non-malicious code. The CPAN Testers tend to validate and test quite a few modules to catch such problems early. Identifying malicious code in perl modules would also prove to be a daunting task considering the volume and range of skill. Over the last 7 years, we haven't had any problems of this nature and hopefully it will remain that way in spite of the fact that, with over 200 independent mirrors around the globe, it would be very easy to distribute such a file and very difficult to provide a system that would safeguard against it if the point of origination was PAUSE. So far people seem to respect the space and find other things to entertain themselves with. We have discussed such things as a fingerprint database but, again, it wouldn't be 100% secure. As with everything, caveat emptor. e. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
