On Mon, Sep 22, 2008 at 8:40 AM, Shlomi Fish <[EMAIL PROTECTED]> wrote:
> My suggestion for resolving this is to modify the smoking modules so, after
> the archive is unpacked (with a proper umask and arguments to tar), they will
> traverse the directory tree and look for any world-writable files. If any are
> found, they will report the smoking of the module as "FAIL", and delete the
> unpacked directory tree, without doing the "perl Makefile.PL/Build.PL ..."
> dance.

This isn't just a smoking problem, right? A normal CPAN/CPANPLUS install would trigger the same warning?

> We could give an option for doing this, if it bothers you. But I'm tired of
> finding these files in the msec report and reporting them manually.
>
> Now I volunteer to implement this.

I think that CPANTS is probably the better place for this kind of analysis, particularly because it's static and because the reason for the Kwalitee point is clear. It sounds like exactly the kind of thing that fits among the core Kwalitee metrics.

There are some reasons I think that CPAN Testers is *not* the right place for this:

* The CPAN Testers grades relate only to the ability to build/test a distribution. Unless world-writable files prevent that, FAIL or UNKNOWN are not appropriate.
* Someone would have to read the FAIL and pay attention to understand that the problem is a world-writable file (whereas it's obvious on CPANTS what the problem is).
* CPAN::Testers is no longer notifying authors directly anyway.

-- David
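The directory-tree check proposed in the quoted message, sketched in Perl as an added example; it is not code from this thread, from CPAN Testers or from CPANTS. The helper name `world_writable_paths` and the sample tree are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;
use File::Find ();
use File::Temp qw(tempdir);
use Fcntl qw(:mode);

# Hypothetical helper: return every path under $root whose mode has the
# "other write" bit set. Symlinks are skipped because their own mode bits
# are not meaningful on most systems.
sub world_writable_paths {
    my ($root) = @_;
    my @hits;
    File::Find::find({
        no_chdir => 1,
        wanted   => sub {
            my @st = lstat($File::Find::name) or return;
            return if S_ISLNK($st[2]);
            push @hits, $File::Find::name if $st[2] & S_IWOTH;
        },
    }, $root);
    return sort @hits;
}

# Constructed sample tree standing in for an unpacked distribution.
my $dist = tempdir(CLEANUP => 1);
mkdir "$dist/lib" or die "mkdir: $!";
for my $f ('Makefile.PL', 'lib/Foo.pm') {
    open my $fh, '>', "$dist/$f" or die "open $f: $!";
    close $fh or die "close $f: $!";
}
chmod 0755, "$dist/lib";
chmod 0644, "$dist/Makefile.PL";
chmod 0666, "$dist/lib/Foo.pm";    # mode as a careless tarball would ship it

my @bad = world_writable_paths($dist);
if (@bad) {
    print "world-writable: $_\n" for @bad;
    print "flagging distribution, skipping Makefile.PL/Build.PL\n";
}
else {
    print "no world-writable paths found\n";
}
```

The explicit `chmod` calls make the sample independent of the umask of whoever runs it, which is the same variable that decides whether an unpacked tarball keeps its world-writable bits.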