On 2019-10-23 22:20:04 +0300, Niko Tyni wrote: > FWIW this has been the case since forever.
Yes, but almost no-one knows about this security issue. Using the CPAN client is generally recommended on the web, but I have never seen any mention of this security issue, not even on the cpan website: https://www.cpan.org/modules/INSTALL.html The "quick start" starts with "cpan App::cpanminus"... Even I was quite surprised. Security may not have been much concerned 10 - 15 years ago, but nowadays one expects that software is safe (modulo bugs). -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)