Title: RE: OK, so we've decided that the right modules are too hard to find.

> [EMAIL PROTECTED] (Elizabeth Mattijsen) writes:
> > I've released about 30 modules in the past 1.5 years.  I _never_
> > bothered to try to register.  I guess that means something.
>
> Likewise. (although slightly more than 30 ;)
>
> I just don't see the point of the modules list, especially now we have
> search.cpan.org.

Afaik the only real reason for the modules list is to prevent people from accidentally installing a module that is released under a known name, but by an unknown author.

So if I release Email::Simple 1.4 no one using CPAN.pm to install it will end up with my version, they will always end up with your version.  This does something towards preventing attacks on the community by embedding hostile code in the install scripts and then uploading them under trusted names. 

It's actually very annoying because the handover and ownership management on CPAN isn't that hot (and doesn't synchronize with RT fwict), so if you take over maintenance of a module and it hasn't been properly handed over the code can only be found via the website or via an 'ls' on the author's directory.

Which brings me back to the web site. From what I can tell this security measure has not been implemented on the web site. There is nothing on a page to tell you if the module you are looking at is actually released by the correct person.  So presumably if I upload DBI 1.42 with a trojan to wipe the hard drive I bet that just from web downloads alone I'll end up with some victims.

So not only does search.cpan.org NOT make the module list redundant, it in fact should be modified to ensure that module list information is presented to the user. At the very least when viewing a module the page should very clearly state that the displayed module is not released by the approved author/owner of the namespace. (Assuming of course that this is the case.)

IMO the module registration process is broken from a management point of view (I've stated this in private correspondence to the site owners and CPAN folks) but the module registration process is definitely not redundant or unneeded.  It badly needs to be reformed and reworked though.

Just my (not so) humble $0.02.

Yves
