Oh. So considering that I work on windows, and use "C:\\Program Files\\GnuWin32\\bin\\bsdtar.exe" -cvzf ... to pack my module, how do I make it not world-writable? make them as read only?
Shmuel. Yitzchak Scott-Thoennes wrote: > See http://www.nntp.perl.org/group/perl.qa/2008/09/msg11568.html and (in > that thread) http://www.nntp.perl.org/group/perl.qa/2008/09/msg11568.html > > Basically, your packaging presents a security threat; someone installing > your module can untar it and something come along and overwrite the > contents of Makefile.PL before it's run. > > And Andreas has made the call to prevent indexing such packages, knowing > that that will cause a lot of pain (and presumably a lot of pressure to > fix whatever is wrong with people's build practices/tools that is > causing the problem). > > On Tue, September 23, 2008 1:42 pm, Shmuel Fomberg wrote: >> Hi All. >> >> What does that means? >> >> Shmuel. >> >> -------- Original Message -------- >> Subject: Failed: PAUSE indexer report >> SEMUELF/Data-ParseBinary-0.07.tar.gz >> Date: Tue, 23 Sep 2008 22:22:55 +0200 >> From: PAUSE <[EMAIL PROTECTED]> >> To: [EMAIL PROTECTED], [EMAIL PROTECTED] >> >> >> >> >> The following report has been written by the PAUSE namespace indexer. >> Please contact [EMAIL PROTECTED] if there are any open questions. >> Id: mldistwatch.pm 1063 2008-09-23 05:23:57Z k >> >> >> User: SEMUELF (Shmuel Fomberg) >> Distribution file: Data-ParseBinary-0.07.tar.gz >> Number of files: 38 >> *.pm files: 18 >> README: Data-ParseBinary-0.07/README >> META.yml: No META.yml found >> >> >> META-driven index: no >> Timestamp of file: Tue Sep 23 20:21:24 2008 UTC >> Time of this run: Tue Sep 23 20:22:55 2008 UTC >> >> >> The distribution contains the following world writable directories or >> files and is therefore considered a security breach and as such not being >> indexed: Data-ParseBinary-0.07/ Data-ParseBinary-0.07/lib/Data/ >> Data-ParseBinary-0.07/lib/Data/ParseBinary/ >> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/ >> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/ Data-ParseBinary-0.07/t/ >> Data-ParseBinary-0.07/Changes Data-ParseBinary-0.07/MANIFEST >> Data-ParseBinary-0.07/Makefile.PL Data-ParseBinary-0.07/README >> Data-ParseBinary-0.07/lib/Data/ParseBinary.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/Adapters.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/Constructs.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/Core.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/Bit.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/File.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/String.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/StringBuffer.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/Wrapper.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/Streams.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/DataCap.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/ExecELF32.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/ExecPE32.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/FileSystemMbr.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsBMP.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsEMF.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsPNG.pm >> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsWMF.pm >> Data-ParseBinary-0.07/t/01various.t Data-ParseBinary-0.07/t/02streams.t >> Data-ParseBinary-0.07/t/03lib.t Data-ParseBinary-0.07/t/_ctypes_test.so >> Data-ParseBinary-0.07/t/bitmapx1.bmp >> Data-ParseBinary-0.07/t/bitmapx24.bmp >> Data-ParseBinary-0.07/t/bitmapx4.bmp >> Data-ParseBinary-0.07/t/bitmapx8.bmp Data-ParseBinary-0.07/t/cap2.cap >> Data-ParseBinary-0.07/t/emf1.emf Data-ParseBinary-0.07/t/notepad.exe >> Data-ParseBinary-0.07/t/png1.png Data-ParseBinary-0.07/t/png2.png >> Data-ParseBinary-0.07/t/python.exe Data-ParseBinary-0.07/t/sqlite3.dll >> Data-ParseBinary-0.07/t/wmf1.wmf . Hint: maybe try 'make dist' or 'Build >> dist'. >> >> >> __END__ >> >> >> >> _______________________________________________ >> Perl mailing list >> [email protected] >> http://perl.org.il/mailman/listinfo/perl >> >> > > > _______________________________________________ > Perl mailing list > [email protected] > http://perl.org.il/mailman/listinfo/perl > _______________________________________________ Perl mailing list [email protected] http://perl.org.il/mailman/listinfo/perl
