Re: Incompatible change in blead perl for Safe.pm?

2007-09-12 Thread Nicholas Clark
On Thu, Aug 16, 2007 at 02:11:38PM -0700, Joshua ben Jore wrote:
> On 8/16/07, Dominique Quatravaux [EMAIL PROTECTED] wrote:
> > Joshua ben Jore wrote:
> >
> > > caller() is a less-safe kind of operation because it now returns a
> > > hash ref of the current lexical pragmas. I don't recall why this new
> > > behavior warranted its removal from the default list of safe
> > > opcodes.
> >
> > Maybe because if it returns *refs*, the evil guy could then alter what
> > they point to?
>
> It isn't clear that modifying the reference does anything. The
> reference is constructed in the moment that it is asked for. It can
> contain only strings. I wouldn't swear that it is impossible to have a
> change be reflected in the data stored in the optree but I suspect it
> is unlikely.

The optree is read only. So the caller implementation has to respect this.
However, for efficiency it is constructing a scalar which points to the
bytes in the optree. So if anything ignores the readonly flag on the SV it
will be changing the bytes in the optree.

How Safe this is, I'm not sure.

Nicholas Clark


Re: bundles in POD vs listing modules as prereqs

2007-09-12 Thread Andreas J. Koenig
On Tue, 11 Sep 2007 09:36:45 -0400, David Golden [EMAIL PROTECTED] said:

> > Why is this better than creating a package that lists all the same
> > modules as prerequisites in its Makefile.PL or Build.PL?
>
> See Task on CPAN for an alternative like you describe and a list of
> reasons why Tasks are better than Bundles.
>
> However, one benefit of Bundles is that you can specify an actual
> distribution -- not just a module name.  This allows one to specify a
> particular development version or an unauthorized tarball -- or to
> avoid having some module upgraded to a newer version that would break
> something else.

And another advantage is that the bundle is conceptually an array that
is processed sequentially and dependencies have no defined order. So
if you have a dependency between two third party modules you can
resolve it by writing a bundle, something you can't do with a Task.

-- 
andreas


Re: bundles in POD vs listing modules as prereqs

2007-09-12 Thread A. Pagaltzis
* Andreas J. Koenig [EMAIL PROTECTED] [2007-09-12 18:35]:
> So if you have a dependency between two third party modules you
> can resolve it by writing a bundle, something you can't do with
> a Task.

You mean a circular dependency? If that can be resolved by
writing a bundle, then arguably that’s something the installer
should be smart enough to figure out, isn’t it?

Regards,
-- 
Aristotle Pagaltzis // http://plasmasturm.org/


Re: bundles in POD vs listing modules as prereqs

2007-09-12 Thread Daniel T. Staal

On Wed, September 12, 2007 3:08 pm, A. Pagaltzis said:

> You mean a circular dependency? If that can be resolved by writing a
> bundle, then arguably that’s something the installer should be smart
> enough to figure out, isn’t it?

How about a module that might use another module -- if it is installed
when the module is configured at install.  It's not really circular: The
module will work without the other module, just not the same way.

Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---