On Tue, Sep 30, 2008 at 11:02 PM, Bill Ward <[EMAIL PROTECTED]> wrote: > > > On Tue, Sep 30, 2008 at 12:46 PM, Ricardo SIGNES > <[EMAIL PROTECTED]> wrote: >> >> * Bill Ward <[EMAIL PROTECTED]> [2008-09-30T15:12:22] >> > Since anyone can upload code to CPAN, not all modules are of the same >> > high >> > quality as others. I feel it is very important to vet each and every >> > module >> > that I install. But with the auto-install behavior, modules that I want >> > to >> > install may have dependencies on other modules that I don't feel >> > comfortable >> > installing, and I want to have the opportunity to consider each one >> > before I >> > go ahead and install it. So I don't like auto-install. I want it to >> > stop >> > and complain that the other module is missing, so I can go over to the >> > CPAN >> > Web site, look up that module, see who wrote it, read its documentation, >> > scan its code, and get a feel for whether I'm comfortable installing it >> > before doing so. >> >> I wish I had that kind of free time. > > It's a big part of my job to ensure that our tech stack at work doesn't get > corrupted by bad code.
On one hand if you trust and want module X then I would guess you don't have much choice but to trust and install all its dependencies so there is not much point in checking each module. On the other hand I wish we could use your findings either as CPANRATINGS or better yet through some not yet existing system where each one of us could say which authors do we trust or which specific modules do we trust and then also which users do we trust to use their opinion. The web of trust that has been discussed lately on several channels. After all you are doing some work we all wish we had time to do throughly when we decide on using a module. regards Gabor -- Gabor Szabo http://szabgab.com/blog.html Test Automation Tips http://szabgab.com/test_automation_tips.html
