Re: Cpan Ratings (Was: Future of the Module List)
Pardon my ignorance, but ... What is the 'default phone-home behavior' in the Makefile.PL's about which Randal was complaining? Is it the author's 'Perlish' coding style, in which he places statement-ending semicolons at the start of the line? Or something else?

jimk
Re: Cpan Ratings (Was: Future of the Module List)
James Keenan writes:

> Pardon my ignorance, but ... What is the 'default phone-home behavior' in the Makefile.PL's about which Randal was complaining?

The author wished to keep track of how widely his modules were used -- at least partially as motivation for bothering to write them. Originally he had something in Makefile.PL which downloaded a file from his own website then executed the contents of that file. (Among other things, it warned the would-be-installer if a newer version of the distro was available.)

People pointed out how insecure this is, and the damage that could be done by somebody hijacking his server and substituting a malicious Perl script at that URL. Others simply didn't like the idea at all of being counted and monitored without their consent; this phone-home behaviour happened by default, without warning. Somebody merely running Makefile.PL (or the CPAN shell or whatever) wouldn't expect it.

The author responded to the security problem by changing his installers to download a dynamically generated data file, not a Perl script, which still allowed him to do counting and have the installer warn about old versions, but didn't have the security risk. But this still happened without warning, and would be unexpected to most users. Several people, Randal included, found this intrusive and unacceptable.

I see that a few weeks ago the author removed all phone-home behaviour, so even this is no longer an issue.

Smylers
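The two installer variants described in the message above can be told apart by a static check before running Makefile.PL. The following is an added example, not code from the thread or from any module discussed in it; the module list, the sample installers and the `author.example` URLs are constructed assumptions.

```python
import re

# Perl modules and external commands commonly used for network requests (assumed list).
NETWORK = re.compile(
    r"\b(?:use|require)\s+(?:LWP::Simple|LWP::UserAgent|HTTP::Tiny|IO::Socket::INET|Net::HTTP)\b"
    r"|[`\"']\s*(?:wget|curl)\s")
# String eval (not block eval) or do/require on a variable: ways fetched text gets executed.
EXEC = re.compile(r"\beval\b(?!\s*\{)|\b(?:do|require)\s+\$")

def strip_comments(src):
    """Drop full-line Perl comments and POD so they cannot trigger matches."""
    out, in_pod = [], False
    for line in src.splitlines():
        if re.match(r"=[a-zA-Z]", line):
            in_pod = not line.startswith("=cut")
            continue
        if in_pod or line.lstrip().startswith("#"):
            continue
        out.append(line)
    return "\n".join(out)

def audit_installer(src):
    """Classify installer source as 'fetch-and-execute', 'phone-home' or 'clean'.

    File-level heuristic, not data-flow analysis: any string eval in a file that
    also uses the network is reported as the higher-risk class for manual review.
    """
    code = strip_comments(src)
    if not NETWORK.search(code):
        return "clean"
    return "fetch-and-execute" if EXEC.search(code) else "phone-home"

# Constructed samples mirroring the thread: original behaviour, data-only fix, removal.
REMOTE_EXEC = '''use ExtUtils::MakeMaker;
use LWP::Simple;
my $code = get("http://author.example/check.pl");
eval $code if defined $code;
WriteMakefile(NAME => "Some::Module");
'''
DATA_ONLY = '''use ExtUtils::MakeMaker;
use LWP::Simple;
my $latest = eval { get("http://author.example/version.txt") };
warn "newer version available" if defined $latest && $latest > 1.0;
WriteMakefile(NAME => "Some::Module");
'''
CLEAN = '''use ExtUtils::MakeMaker;
# no LWP::Simple any more
WriteMakefile(NAME => "Some::Module");
'''

if __name__ == "__main__":
    for name in ("REMOTE_EXEC", "DATA_ONLY", "CLEAN"):
        print(name, "->", audit_installer(globals()[name]))
```

A "phone-home" result still means the installer contacts a remote host without asking, which is the consent objection raised in the thread even after the execution risk was removed.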
Cpan Ratings (Was: Future of the Module List)
Randy W. Sims writes:

> Not long ago I was exploring the cpanratings site and discovered the unhelpful rampage by one particular reviewer http://cpanratings.perl.org/a/181.

Why do you think Randal's comments are unhelpful? Personally whenever I'm (considering) downloading a module I haven't used before I read any reviews it has. It would never've occurred to me that an author would've put default phone-home behaviour into a distribution's installer, but on reading Randal's review of a module I'd then be aware of it in advance. That's certainly useful information to have.

Admittedly when you look at the page giving all Randal's reviews there is a fair amount of repetition going on, but the information he gives is pertinent to every one of those modules, so it's the only way of ensuring the message reaches potential users of all of the modules.

Actually I'm much more concerned by the opposite problem, that people give 5 stars to modules they use lots and don't bother reviewing other modules, or ones they tried a bit but gave up on -- partly, I suspect, cos if you never quite got into a module properly then you feel it'd be unfair to review it.

Look at one of the modules that Randal reviews, CGI::Builder:

http://cpanratings.perl.org/d/CGI-Builder

That's a flurry of 5-star reviews in a very short space of time. I suspect that isn't a co-incidence -- perhaps there's a CGI::Builder mailing list somewhere that had a recent post encouraging users to review the module? There isn't anything wrong with that[*0], but it could distort the value of reviews over all.

Cpan Ratings is still young. Let's give it some more time to pan out; I think it's one of the better ideas out there.

There's also some degree of a chicken-and-egg situation going on, but once the site has more reviews in it there'll be more reason for people to consult it and for places to link to it more prominently.

[*0] Well, there are ways in which such a mail could be phrased that would be wrong; but simply soliciting genuine reviews from genuine users can hardly be faulted.

Smylers