First I want to offer one piece of helpful advice:

The systems where this will bite hardest will be systems which have older
portions of code and some maintainability issues of their own and you
cannot be sure how people are using the programs.  Most of these will have
a CGI component.  The ideal fix for most of these systems is not any of the
ones you recommended but the use of FindBin.

On to a bit of a rant.

I trust that if you had understood the impact you would have warned and
documented.

Our systems are fixed and running with fixes that are more secure than the
ones you recommended.

But a lot of people rely on Debian because you usually don't do things like
pushing standard library changes in behavior out without warning,
documentation, or the like.

I understand there may be some urgency but particularly where there is
urgency, your user base counts on you to make sure these nuts-and-bolts
issues are addressed.  And the concern that many of us are going to have is
"what happens the next time someone panics?"

We don't get back the hours we spent trying to make sure we understood what
was going on well enough to know what we could count on, time spent before
we filed the bug ticket.

What has happened has happened.  It will probably eventually be seen as a
one-time error of the sort that happens when people are under pressure.
But if a pattern of this sort develops, Debian and Perl will both seriously
suffer.

Regardless of what upstream says, pushing out breaking changes to standard
libraries with no documentation and warning, where the error messages are
wrong, should never happen.

-- 
Best Wishes,
Chris Travers

Efficito:  Hosted Accounting and ERP.  Robust and Flexible.  No vendor
lock-in.
http://www.efficito.com/learn_more
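The FindBin approach the message recommends, shown as an added example that is not code from the original message or from its author. FindBin exposes the directory the running script lives in; prepending that directory's lib/ to @INC with `use lib` makes a CGI script's helper modules load from a known location regardless of the working directory the web server started it in or of what the distribution's default @INC happens to contain. The module name MyApp::Helper, the lib/ subdirectory and the file legacy_config.pl are assumptions made for illustration; the eval guards keep the script runnable when they are absent.

```perl
#!/usr/bin/perl
# Added example (not from the original message): the FindBin fix for a
# CGI script that loads helper code from its own directory.  Legacy
# scripts typically did  require "helper.pl"  or  use MyHelper;  and
# found the file only because the working directory was searched and the
# web server happened to start them in their own directory.
use strict;
use warnings;

# $RealBin is the script's directory with symlinks resolved, computed at
# compile time, so it is correct no matter what the current directory is.
use FindBin qw($RealBin);

# Put "<script dir>/lib" at the front of @INC before any 'use' of the
# application's own modules.  'use lib' runs at compile time, so ordering
# matters: it must come before  use MyApp::Helper;
use lib "$RealBin/lib";

# Hypothetical helper, assumed to live at <script dir>/lib/MyApp/Helper.pm;
# it is not part of the original message.  The eval keeps this example
# runnable stand-alone when the module is absent.
my $helper_loaded = eval { require MyApp::Helper; 1 } ? 1 : 0;

# For legacy  require "file.pl"  style code, give the path explicitly.
# A bare filename is searched for in @INC; an absolute path is not.
my $legacy = "$RealBin/legacy_config.pl";          # hypothetical file
my $legacy_loaded = -e $legacy ? (eval { require $legacy; 1 } ? 1 : 0) : 0;

# Diagnostics: show that the script's own library directory is searched
# even after the working directory changes, and whether "." is in @INC.
chdir '/' or die "chdir: $!";
my $has_dot     = grep { $_ eq '.' } @INC;             # count in scalar context
my $has_own_lib = grep { $_ eq "$RealBin/lib" } @INC;

print "Content-Type: text/plain\r\n\r\n";
print "script directory       : $RealBin\n";
print "'.' in \@INC            : ", ($has_dot     ? "yes" : "no"), "\n";
print "own lib dir in \@INC    : ", ($has_own_lib ? "yes" : "no"), "\n";
print "MyApp::Helper loaded   : ", ($helper_loaded ? "yes" : "no"), "\n";
print "legacy_config.pl loaded: ", ($legacy_loaded ? "yes" : "no"), "\n";
```

Two points matter when applying this to an older code base: `use lib` must appear before every `use` of the application's own modules, because both run at compile time in source order; and `$RealBin` rather than `$Bin` should be used when the CGI script is installed as a symlink, since `$Bin` is the directory of the link, not of the file it points to.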
