The topic has come up at previous Toolchain hackathons but as far as I know, no list has been compiled yet, or even a comprehensive list of what criteria would be used to find such distributions.
I don't have a smoker network of my own, but if I did, I'd want to set up testing in a chrooted jail to find distributions that read or write to files outside of the temp unpack dir or the install dir (for example many distributions write directly to the user's home directory, which is why I install my perls to a different user than the one that contains my bank statements and tax history). Also on my list would be distributions that use the network even though I've explicitly told them not to with NO_NETWORK_TESTING=1 (I have a firewall rule that tells me about those -- it triggers a *lot* when installing modules into a new blead point release.) On Mon, Dec 4, 2017 at 10:34 AM, James E Keenan <jkee...@pobox.com> wrote: > On 12/04/2017 09:08 AM, Nigel Horne wrote: > >> I received a bunch of these today. It may be blacklisting doit - in case >> it's doing it to something you really don't want it to >> >> >> gateway.bandsman.co.uk : Dec 4 08:17:02 : njh : a password is required ; >> TTY=pts/0 ; PWD=/home/njh/.cpan/build/Doit-0.022-21 ; USER=root ; >> COMMAND=/bin/true >> >> -Nigel >> > > Have CPAN testers or, perhaps, the Perl Toolchain Gang, ever published a > list of badly behaved distributions? > > I have been compiling my own list of distros that are either dangerous (as > Doit now appears to be), badly behaved (defaulting to invasive tests; > rigged to require a response to a command prompt), defectively packaged > (won't untar properly), or inappropriate for a given OS. > > That list has been built up through painful experience. I think it would > be beneficial to be able to share such a list with others and others' lists > with mine. Something perhaps less official than an official CPAN distro, > but something to which trusted people could contribute. > > Thoughts? > > Thank you very much. > Jim Keenan >
