On Mon, Sep 22, 2008 at 04:24:27PM +0300, Shlomi Fish wrote:
> World-writable files are a security risk and the CPAN shell should refuse to
> test the distribution if they exist. A security conscious admin won't install
> such modules if they generate world-writable files. As such, one should not
> proceed to the build/test stage and fail immediately.

No. A security-conscious admin might test the module in a known-safe environment, and re-package the module as, eg, an RPM or a deb so that he can deploy it to his machines. A security-conscious admin would evaluate the situation instead of just having a blanket "no". A security-conscious admin would know that security ain't binary.

-- 
David Cantrell | Official London Perl Mongers Bad Influence

  Compromise: n: lowering my standards so you can meet them