On Wed, May 8, 2019 at 9:42 AM Oliver Betz <list...@gmx.net> wrote: > ...
Consider a widespread program > like ExifTool: Malware can easily find the runtime files and infect them > without elevated rights. > So what? The Windows standards suggest to make exectuables write protected. > > Bullshit advice. If the files are owned by the user, the malware can unprotect them. Unpacking the runtime files in a dedicated step seems to be a natural > solution to me. That's how most (portable) programs are "installed". > > If they can be installed by the user (i.e. without "admin" rights), this gains you nothing. A PAR archive seems to contain (nearly?) everything to run the program > (Perl interpreter, libraries, DLLs etc.) > What do you consider a "PAR archive"? In PAR lingo this is a .par file, actually a zip file with a certain directory structure. It may contain Perl modules (including "glue" DLLs for XS modules) and data. It does *not* include a Perl interpreter. In fact, you need a core Perl installation + Archive::Zip to make use of it. If you don't to use the standalone executables generated by "pp -o ..." and rather go for a classic installer approach, fine. But PAR::Packer is not of much help for this. You may want its dependency resolution (what modules are used by your program, what modules are used in turn by these modules etc), but that is provided by Module::ScanDeps. Cheers, Roderich
