On Thu, Nov 13, 2008 at 3:39 AM, Shlomi Fish <[EMAIL PROTECTED]> wrote:
>> What I was expressing is that the CPAN shell can do the twiddling to strip
>> flags at the point of extraction, rather than PAUSE stopping it at the
>> gate. Archive::Tar already does this (see
>> $Archive::Tar::INSECURE_EXTRACT_MODE).
>
> Archive::Tar does, but Archive::Extract (which CPANPLUS uses) doesn't.

It was a bug.  Addressed in 0.28 as a result of these discussions.
The next non-development release of CPANPLUS will use the new
Archive::Extract and close the security hole under discussion.

-- David
