On Wed, Feb 24, 2010 at 12:17 AM, Andreas J. Koenig <andreas.koenig.7os6v...@franz.ak.mind.de> wrote: >>>>>> On Tue, 23 Feb 2010 21:57:07 +1100, Adam Kennedy <a...@ali.as> said: > > > There is no reason to impose this kind of thing on end users, as the > > failure does not actually prevent the module from working, and the end > > user will have no way to resolve the problem. > > > As for the test failing, the problem here is that in order to be work > > correctly, the test must be run before Makefile.PL is run at the very > > least, or ideally they should be run before the tarball is > > extracted. > > This is irrelevant here because we absolutely agree that the test is not > the security test itself, it is a test that indicates that the security > check isn't flawed.
There's two arguments against it, I just wanted to make clear we were agreed on the security part. > This is quite a different argumentation than it was at the beginning of > this thread, and I have no problem with that. We will agree that > 'dropped for end user' is not the same as 'removed'. And it's actually > what Module::Signature suggests in the manpage with > > if (!$ENV{TEST_SIGNATURE}) { > print "ok 1 # skip Set the environment variable", > > Isn't it? What is this TEST_SIGNATURE? It's a completely made up environment variable for this module alone. It would be better to at least use RELEASE_TESTING, or AUTOMATED_TESTING, or both... Adam K