Re: When CPAN shell cannot find a module
On Sun, 20 Nov 2005 14:51:42 -0500, James E Keenan [EMAIL PROTECTED] said: I'm wondering if my diagnosis of the following annoying problem is correct. When I use the CPAN shell to install a distribution which does not include a package with the name of the distribution, the shell immediately tells me to use the 'i /distroname/' to find objects with matching identifiers. If information on the distribution is located, then I have to guess as to which module within the distribution is one that I don't have up-to-date and which will therefore trigger the shell to proceed with installation. Example: Just now I saw on perl.cpan-testers that Ken Williams had uploaded a distribution named PathTools. As you did know the authors name, you could have asked immediately cpan ls kwilliams and would have got the exact distribtion name: 112124 2005-11-18 KWILLIAMS/PathTools-3.14.tar.gz From there you would have just said cpan install KWILLIAMS/PathTools-3.14.tar.gz and would have got it. Alternatively (my favorite) you could have used the 'r' command and it would have reported something like this: Cwd3.05 3.14 K/KW/KWILLIAMS/PathTools-3.14.tar.gz and then an 'install Cwd' would have had success. I checked it out at search.cpan.org and decided to install it. Here is an edited transcript of my shell session: [...snip...] So I eventually get the shell to work ... but I really don't see why it couldn't handle 'install PathTools' right from the get-go? Anyone know why? Is there a workaround? Thanks. CPAN shell is very cautious not to install the wrong thing. It wants to be absolutely sure that it installs the thing that you wanted. Witness: cpan install /^Cwd$/ Sorry, install with a regular expression is not supported I don't think many people would appreciate getting something installed they didn't explicitly ask for. -- andreas
Re: When CPAN shell cannot find a module
Randy Kobes wrote: On Sun, 20 Nov 2005, James E Keenan wrote: [snip] Note that, if you know the distribtion you want to install, CPAN.pm understands cpan install KWILLIAMS/PathTools-3.14.tar.gz That's the step I was looking for: what to do once the 'i /somemodule/' command returns a results. Thanks, Randy and Andreas. jimk
Re: When CPAN shell cannot find a module
On Sun, 20 Nov 2005, Andreas J. Koenig wrote: I don't think many people would appreciate getting something installed they didn't explicitly ask for. Hmmm. I can have extra pain every time I'm installing something to avoid occassionally getting something I don't want or I can have pain every thousandth time I install something because oopsie I got something extra. It doesn't seem like a hard choice to me. Let's just say your many people aren't the same folks as my any people. ;-) The lack of distname support due to anal retentive accident avoidance in CPAN is utterly odd considering the culture of DWIMery that is so much a part of Perl. I'm not surprised that one person would think this was good, but the whole Perl community acquiescing to it is quite a shock. -- /chris Documentation is like sex: when it is good, it is very, very good; and when it is bad, it is better than nothing. -- Dick Brandon Physics is like sex. Sure, it may give some practical results, but that's not why we do it. -- Richard Feynman, physicist and Nobel laureate
Re: When CPAN shell cannot find a module
On Nov 21, 2005, at 10:51 AM, Christopher Hicks wrote: On Sun, 20 Nov 2005, Andreas J. Koenig wrote: I don't think many people would appreciate getting something installed they didn't explicitly ask for. Hmmm. I can have extra pain every time I'm installing something to avoid occassionally getting something I don't want or I can have pain every thousandth time I install something because oopsie I got something extra. It doesn't seem like a hard choice to me. Let's just say your many people aren't the same folks as my any people. ;-) The lack of distname support due to anal retentive accident avoidance in CPAN is utterly odd considering the culture of DWIMery that is so much a part of Perl. I'm not surprised that one person would think this was good, but the whole Perl community acquiescing to it is quite a shock. Chris, If CPAN made it easy to install unintended software by mistake, that would be a huge security hole. Some people run cpan as root. Defensive programming is absolutely the right thing here. Chris -- Chris Dolan, Software Developer, Clotho Advanced Media Inc. 608-294-7900, fax 294-7025, 1435 E Main St, Madison WI 53703 Clotho Advanced Media, Inc. - Creators of MediaLandscape Software (http://www.media-landscape.com/) and partners in the revolutionary Croquet project (http://www.opencroquet.org/)
Re: When CPAN shell cannot find a module
On Mon, 21 Nov 2005, Chris Dolan wrote: If CPAN made it easy to install unintended software by mistake, that would be a huge security hole. Some people run cpan as root. Defensive programming is absolutely the right thing here. And how exactly would a shortcut that says oh you asked for something that isn't really a module name, would you like us to install THIS package which contains CERTAIN modules anyway? cause security issues? I run the cpan shell as root all the time. Its a pain to have to remember the CPAN caniptions every time I'm setting up a new random server and the less often you deal with it the more likely you will have forgotten it all. This is exactly the context where the sort of shortcut that Perl is known for should be eximplified but its not. It may be the individual's first exposure to the Perl world. Let's not make it suck because of weak fears. PathTools and Template Toolkit are both examples where the thing to type into CPAN isn't clear to the newbie sysadmins. If we had a list of things like that for the important modules that have such strangeness then there should be any security problem in doing this without prompting since those mappings would be official and Known To Be OK. If I say install TemplateToolkit or install Template::Toolkit having that map to install Template without too much fuss is not only harmless and significantly helpful it might even be a security benefit since I won't accidentally install three other templating things in the meantime hoping to find the right one. The amount of time saved for sysadmins all over the world without causing anyone one iota of actual harm is awe-inspiring. So, am I really missing something here? Is there really some chance for a harmful mistake being made that can't be trivially mitigated with solutions like I mentioned above? -- /chris There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies. -- C.A.R. Hoare
Re: When CPAN shell cannot find a module
On Mon, 21 Nov 2005, Christopher Hicks wrote: On Mon, 21 Nov 2005, Chris Dolan wrote: If CPAN made it easy to install unintended software by mistake, that would be a huge security hole. Some people run cpan as root. Defensive programming is absolutely the right thing here. And how exactly would a shortcut that says oh you asked for something that isn't really a module name, would you like us to install THIS package which contains CERTAIN modules anyway? cause security issues? I run the cpan shell as root all the time. Its a pain to have to remember the CPAN caniptions every time I'm setting up a new random server and the less often you deal with it the more likely you will have forgotten it all. This is exactly the context where the sort of shortcut that Perl is known for should be eximplified but its not. It may be the individual's first exposure to the Perl world. Let's not make it suck because of weak fears. PathTools and Template Toolkit are both examples where the thing to type into CPAN isn't clear to the newbie sysadmins. If we had a list of things like that for the important modules that have such strangeness then there should be any security problem in doing this without prompting since those mappings would be official and Known To Be OK. If I say install TemplateToolkit or install Template::Toolkit having that map to install Template without too much fuss is not only harmless and significantly helpful it might even be a security benefit since I won't accidentally install three other templating things in the meantime hoping to find the right one. The amount of time saved for sysadmins all over the world without causing anyone one iota of actual harm is awe-inspiring. So, am I really missing something here? Is there really some chance for a harmful mistake being made that can't be trivially mitigated with solutions like I mentioned above? Andreas can correct me if I'm wrong, but I don't think PAUSE puts any restrictions on the base name of the distribution that appears in the PAUSE indices that CPAN.pm uses. This opens up a couple of scenarios that could potentially arise that would make the behaviour you propose either harmful or more complicated: - Someone registers a module MyModule that coincides with the base name of a distribution of another author. Then install MyModule within the CPAN.pm shell would be ambiguous - do you mean the module or the distribution? A different command other than install would have to be used for installing distributions. - Two authors happen to have a distribution with the same base name, containing different sets of modules. Then, install_distribtion DistName would be ambiguous which would require user input to resolve. In both cases an added layer of complexity would be involved so as CPAN.pm would install the right thing. This doesn't seem any easier (and, in fact, seems more prone to error) than the current cpan install KWILLIAMS/PathTools-3.14.tar.gz or, as Andreas mentioned, using CPAN.pm to get a list of recommended modules to update. -- best regards, randy kobes
Re: When CPAN shell cannot find a module
On Nov 21, 2005, at 10:51 AM, Christopher Hicks wrote: Hmmm. I can have extra pain every time I'm installing something to avoid occassionally getting something I don't want or I can have pain every thousandth time I install something because oopsie I got something extra. It doesn't seem like a hard choice to me. Let's just say your many people aren't the same folks as my any people. ;-) The lack of distname support due to anal retentive accident avoidance in CPAN is utterly odd considering the culture of DWIMery that is so much a part of Perl. I'm not surprised that one person would think this was good, but the whole Perl community acquiescing to it is quite a shock. Think about what would happen if Satan uploaded a malicious distribution called PathTools with a higher version number than mine. You'd want the whole world to get Satan's distribution by default, just so they can save a couple keystrokes? Also, lack of distname support is overblowing the situation. Distnames are supported perfectly fine as long as you put it in the proper syntax with author's ID and version. -Ken
