I was reading over Jifty last night and about how it depends on fifty or so CPAN modules. And also noted the suggestion for installation:

    perl -MCPAN -e 'install Jifty'

which is basically what I do when installing modules (sudo cpan Foo::Bar).

I woke up a bit paranoid and my thought was: That's running a lot of code as root. Other than CPAN testers, are there any safeguards running all these tests and modules as root?

In general, I prefer to run make and make test as a normal user and then sudo make install, but sudo cpan sure is easy. But, that's hardly a complete test of code. I suspect short of reviewing every line of code it's not really possible to be completely sure.

I was wondering also if something like Devel::Cover and Safe could help in evaluating code before it gets run as root or loaded on the production machines.

This isn't a problem specific to Perl, of course, but CPAN does make it reasonably easy to upload code to share. Plus, I've recently used modules that depend on other modules that, when I looked at the source, had what I considered a serious bug. (Yes, I provided patches.) That's not malicious, but does illustrate the potential.

Am I just worrying too much? ;)

--
Bill Moseley
[EMAIL PROTECTED]
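
The workflow described in the message above (configure, build and test as a normal user, root only for the install step), as an added example that is not part of the original post. The function names are hypothetical; make_install_make_command and mbuild_install_build_command are CPAN.pm configuration options, entered at the cpan> prompt of a client started without sudo.

```shell
#!/bin/sh
# Added example (not from the original post): keep root out of the
# configure/build/test steps and use sudo only for the install step.

# Succeeds when the numeric uid passed in is not root (0).
is_unprivileged() {
    [ "$1" -ne 0 ]
}

# Prints CPAN.pm shell settings that make a cpan client started as a normal
# user call sudo only for "make install" / "./Build install".
cpan_sudo_install_conf() {
    cat <<'EOF'
o conf make_install_make_command 'sudo make'
o conf mbuild_install_build_command 'sudo ./Build'
o conf commit
EOF
}

# Manual form of the same workflow for one unpacked distribution directory.
# Return codes: 2 = refused (running as root), 1 = configure/build/test failed.
build_then_install() {
    dist_dir=$1
    if ! is_unprivileged "$(id -u)"; then
        echo "refusing to configure, build or test as root" >&2
        return 2
    fi
    if [ -f "$dist_dir/Build.PL" ]; then
        # Module::Build distribution
        ( cd "$dist_dir" && perl Build.PL && ./Build && ./Build test ) || return 1
        ( cd "$dist_dir" && sudo ./Build install )
    else
        # ExtUtils::MakeMaker distribution
        ( cd "$dist_dir" && perl Makefile.PL && make && make test ) || return 1
        ( cd "$dist_dir" && sudo make install )
    fi
}

# Usage: sh thisfile.sh /path/to/unpacked/Foo-Bar   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    build_then_install "$1"
fi
```

Makefile.PL, Build.PL and the test suite still execute the distribution's code with the invoking user's privileges, and the install step still runs the generated Makefile or Build script as root.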