in reply to
Re: (ichimunki) Re: why is this tainted?
in thread why is this tainted?
I understand your reasons, and they are commonly given as reasons why people are unwilling to use (certain) modules. But the modules don't necessarily have to be installed by the administrator and available site wide. They are often just Perl scripts themselves-- which means that you could potentially include them in your tarball as just another *.pm file. Or even easier for all involved: simply copy them right into your script in their own package space. (Again, assuming they are not dependent on being compiled and using a shared library or something).
But more importantly in the case of Mail::Sendmail... this module purports in its POD to *improve* portability by lessening the dependence on an actual sendmail executable. That right there is a compelling reason to give it a closer look, imho. Not to mention that whatever you are trying to do related to email has probably already been encoded there, which takes enormous weight off your shoulders.
Of course, unless you are likely to need email functionality every time this script loads, that may be overkill... but shell calls are vulnerable in lots of ways plain old Perl scripts aren't, which is a good reason to avoid them if at all possible, and where they must be done, why it is preferable to use established and tested interfaces, rather than rolling our own.