On Monday 23 June 2008 22:57:26 Paul Fenwick wrote:

> As such, I'd like to propose a new (optional) kwalitee metric. Like using
> strict and warnings, modules should "use re 'taint'" at the top of the code
> as well. Even modules that exist to untaint data *should* be doing this,
> as it means that regexps that do the untainting are more clearly marked.
> For modules that don't mean to be doing untainting, this is an extra
> safeguard to make sure they don't.
>
> So:
>
> * Does anyone think this is a bad idea?

Absolutely. I'm not a fan of having to write code to do nothing in C++ (so that the C++ compiler doesn't do the wrong thing by default), and I'd hate to see that bad habit enter Perl, even if the reason is so that someone gets to move ahead one slot on a scoreboard somewhere.

I also hate to get bug reports saying "You should add this line of code even if it does nothing useful to all of your modules, because it's not there!"

I'm happy to get bug reports and test reports which say "Your distribution doesn't extract" or "Your permissions are wrong" or "Your MANIFEST doesn't match your packing list" because those are real problems and I can correct them. I'm very much not happy to get bug reports and test failures and big red bars against my distributions because an automated heuristic which applies only to some cases decided that it knows better about how to write code than I do. If the heuristic is so smart about what makes good code, maybe it should maintain my code and free me up for a hobby with fewer stupid automated distractions.

(Want a heuristic which finds *actual* bugs in almost every module ever written? Check the use of eval and subsequent $@ testing, or the use of ref(), or SUPER::whatever(), for example.)

> Is there someplace this should be going besides from CPANTS?
> It's definitely a common mistake that module authors can easily fix.

Perl::Critic?

-- c