Roderich Schupp wrote: [snip proposed scheme] >> Now, if we want all builds to have debugging support, we need to be able >> to disable it somehow at packaging time because if we rely on run-time >> only, it's a security issue. The most straightforward way would be to >> build the loader twice as explained previously and choose the one with >> or without debugging support according to a pp option. Is there another >> way? I don't think so because this all happens in the loader (C) code. > > That's gonna be real messy, a tried for an hour to get this "build it twice" > to have sane semantics and failed miserably. The main problem is > that main.o (that's where we would have debug disabled/enabled versions) > "taints" almost every file that gets installed except for the pure perl ones).
Ouch. If it escaped you for an hour, I'm not even going to try. I didn't like that idea much anyway. If you think the scheme your proposed above would work better, feel free to experiment and commit, but please document it (and the opt-out at build time) well. I still have some head-ache about changing the behaviour of the packaged binary using an environment variable, but requiring the env var to match /-d:.*/ and not packing Devel::* modules normally should help there. Cheers, Steffen
