Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries, Event 9 IIS log failed to write entry, wwwxxx jeffs, Catastrophic failure Unexpected method call sequence. 0x8000ffff (-2147418113)., ksh lock a file, [unixODBC][Driver Manager]Driver's SQLAllocHandle on SQL_HANDLE_DBC failed, sed: -e expression #1, char 1: unterminated address regex, procmail + change subject, w2ksp4.exe download, /proc/kallsyms format



#1: Peer-reviewed CPAN modules files wanted

Posted on 2006-08-21 09:13:33 by mumia.w.18.spam+nospam.usenet

While reading the reivews on CPAN, I noticed an informative
review of CGI::Builder. Evidently, back in 2004,
CGI::Builder's Makefile.PL, had backdoor code in it:

A recently-downloaded version of the module doesn't have this
code it, so evidently the author removed it after receiving
some criticism, but this points up a problem.

As well-respected as CPAN is, it seems to be perpetually "open
for business," and that means that anyone can put any thing
they want on there, and that means that some of the module
authors can get into your business.

Perhaps we need a peer-review system for CPAN. The reviews
site on CPAN may be that, but I hadn't seen it because I
usually look for modules in the CPAN shell.

What I would like is to be able to type this in the CPAN shell:

cpan> reviews CGI::Builder

And I would get a text page listing reviews of the module done
by trustworthy people.

Domizio Demichelis, the author of CGI::Builder, is also
reputed to have created a number of sockpuppets to tout his
module <>, and so some
system would have to be in place to ensure that most of the
"peers" are not the module author.

Report this message