Hello, I intend to use cpanm to download perl modules into a secure environment that is guarded by firewalls and have a couple of questions on how to do that.
a. I want to be able to verify the perl module that has been downloaded by its signature. Cpanm provides an option for this called -verify, but the description for the option is a little ambiguous - --verify Verify the integrity of distribution files retrieved from PAUSE using CHECKSUMS and SIGNATURES (if found). Defaults to false. It sounds like it means that the signature will be checked only if it is present. If the --verify option is used and the signature is missing, will the package be downloaded and installed nonetheless? b. How does one obtain the public key that is used to check these signatures? Is it installed along with cpanm? Please let me know if this is not the appropriate mailing list to pose these questions. Appreciate any help. Thanks, Abhi
