On 09/20/2017 06:01 PM, Neil Bowers wrote:
http://www.theregister.co.uk/2017/09/15/pretend_python_packages_prey_on_poor_typing/
Would CPAN be subject to the same problem as described in the article above?

Yes.

DBI::Class, for example, could be a typo for DBIx::Class or a
misremembered Class::DBI, and there's nothing stopping anyone from
uploading a DBI::Class package that does all kinds of dodgy stuff.

There are plenty of confusable (small edit distance) pairs of module names on 
CPAN.

For example,
        Algorithm::SVM and Algorithm::VSM
        AI::POS and AI::PSO
both pairs are from different dists. More likely with short acronyms.

One thing we could do is have a tool looking at newly registered package names 
and alert the PAUSE admins to have a look at any that are a short edit distance 
from an existing package name.


Would anyone know of any prior art for detection of "short edit distances"? (Perhaps even already on CPAN?)

Thank you very much.
Jim Keenan
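As an added illustration of the PAUSE-side check proposed above (this is example code, not anything from the thread or from PAUSE itself), the script below compares a newly registered package name against a constructed list of existing names and reports those within a small edit distance, differing only in case, or built from the same components in a different order (the DBI::Class / Class::DBI case). The threshold of 2 and the list of existing names are assumptions.

```python
# Added example, not code from the thread: flag a newly registered CPAN
# package name that is a short edit distance from (or a reordering of)
# an existing one. The existing-name list below is constructed.

def levenshtein(a: str, b: str) -> int:
    """Edit distance counting insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def confusable(new: str, existing, max_distance: int = 2):
    """Return [(existing_name, reason)] for names an admin should look at.

    Comparison is case-insensitive (DBI::Class and dbi::class collide on
    case-insensitive filesystems). A reordering of the same components
    (DBI::Class vs Class::DBI) is reported even when the raw edit
    distance is large, since that is what a misremembered name looks like.
    """
    hits = []
    new_lc = new.lower()
    new_parts = sorted(new_lc.split("::"))
    for name in existing:
        if name == new:            # an exact duplicate is PAUSE's own check
            continue
        name_lc = name.lower()
        d = levenshtein(new_lc, name_lc)
        if d == 0:
            reason = "differs only in case"
        elif d <= max_distance:
            reason = f"edit distance {d}"
        elif sorted(name_lc.split("::")) == new_parts:
            reason = "same components in different order"
        else:
            continue
        hits.append((name, reason))
    return hits


if __name__ == "__main__":
    # Constructed stand-in for the set of already-registered package names.
    EXISTING = ["DBIx::Class", "Class::DBI", "Algorithm::SVM", "AI::PSO", "Moose"]
    for candidate in ["DBI::Class", "AI::POS", "Algorithm::VSM", "Moose::Role"]:
        for name, why in confusable(candidate, EXISTING):
            print(f"ALERT {candidate}: close to {name} ({why})")
```

Plain Levenshtein counts a transposition (SVM/VSM, POS/PSO) as distance 2, so the threshold must be at least 2 to catch the short-acronym pairs named above.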
