Tyler MacDonald <[EMAIL PROTECTED]> wrote:
>
> I know, I managed to upload Test::CPAN without approval, and it
> showed up on my search.cpan.org homepage and everything... but can somebody
> do "install My::Package" in CPAN.pm if "My::Package" is not on the module
> list? I know that CPAN always downloads 03modlist.data.gz; does it use more
> than just that to figure out if it can download your module from CPAN?
Apparently it does:
cpan> i /Test::CPAN/
Going to read /root/.cpan/sources/modules/03modlist.data.gz
Going to write /root/.cpan/Metadata
Module Test::CPAN (C/CR/CRAKRJACK/Test-CPAN-0.002.tar.gz)
Module Test::CPAN::Fake (C/CR/CRAKRJACK/Test-CPAN-0.002.tar.gz)
2 items found
Those modules were never approved... yet they're in 03modlist.data.
So what good is the "official" module list then? I was always under the
impression that it acted like a guardian, CPAN wouldn't allow you to
download a module that wasn't registered or wasn't uploaded by a registered
author, and that was supposed to prevent malice or accidents from happening
when somebody uploaded a module that was actually in somebody else's
namespace, or not approved.
- Tyler
