Moin, On Thursday 06 July 2006 03:22, Jonathan Rockway wrote: > > It adds a dependency on a binary application (gpg) that users have to > > install by hand, doesn't check for the presence of it properly, and > > if you don't have it, installs an enormous chain of dependencies, > > with said deps having some major issues of their own. > > > > It's become bad enough that Module::Signature is being pulled from > > Bundle::CPAN and being disabled by default in CPAN.pm, until > > Module::Signature gets a maintainer capable that can make it somewhat > > saner.
Er, you realize that you _dont_ have to check the signature if you system is so broken as not allowing it? I really don't understand that argument anyhow: Replace Module::Signature with "RPM" and read it again: > > It adds a dependency on a binary application (gpg) that users have to > > install by hand, doesn't check for the presence of it properly, and > > if you don't have it, installs an enormous chain of dependencies, > > with said deps having some major issues of their own. I don't think anybody would suggest SuSE do no longer sign their RPM packages with their gpg key anymore... instead they make sure you have gpg installed and configured properly before doing the signature check. If you insist on running a system w/o gpg, and you want to check the signature on a Perl package, you gotta go, configure your system and install some software for the purpose. Next someone tells me I can't use XS because it makes the distribution depend on a compiler? :-) Leaving of the signature of software distributions just because someone isn't able to configure their system is so... so I fail the words for it. Best wishes, tels -- Signed on Fri Jul 7 15:47:00 2006 with key 0x93B84C15. Visit my photo gallery at http://bloodgate.com/photos/ PGP key on http://bloodgate.com/tels.asc or per email. "The difference between pornography and erotica is lighting" -- Gloria Leonard
pgptiZGndZIl9.pgp
Description: PGP signature
