Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: Is Module::SafeVersion a Waste of Time?

by BrowserUk (Pope)
on Apr 25, 2006 at 10:23 UTC ( #545522=note: print w/ replies, xml ) Need Help??


in reply to Is Module::SafeVersion a Waste of Time?

Your premise appears to be that loading the module in order to obtain it's $VERSION is inherently unsafe; and you are attempting to reimplement some subset of the perl parser in order to avoid that "risk"; but if your module library is compromised enough that the risk of loading the modules it contains is real, how are you going to cater for the risk that your module is the one that has been compromised?

Further, what is the point in determining a module's $VERSION safely, when to use that module, you will need to load it? At which point it's version would be available to you, but you would of course have exposed yourself to the risk of it's being evaluated.

The only useful, non-paranoia uses I can see for this, would be: a) scanning the entire installed library and obtaining the versions of all the modules without ending up with them all loaded in your process; or b) risking 'collisions' between modules by loading them all simultaneously; but that would more easily be done by spawning one-liners that load the modules and print their $VERSION thereby isolating each from the next.

my @allmodules = map{ ... } @INC; ... for my $module ( @allmodules ) { print "$module :", `perl -M$module le"\$${module}::VERSION"`; }

I agree with Schwern.


Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.


Comment on Re: Is Module::SafeVersion a Waste of Time?
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://545522]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (6)
As of 2014-12-22 11:24 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (116 votes), past polls