Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re^4: Getting Fed Up with ActiveState

by tsee (Curate)
on Dec 03, 2006 at 19:25 UTC ( #587536=note: print w/ replies, xml ) Need Help??


in reply to Re^3: Getting Fed Up with ActiveState
in thread Getting Fed Up with ActiveState

Addressing your remark about special cases: It wasn't me who started doing those binary releases of PAR. I just became responsible for the PAR releases and continued ongoing practice.

Whether 15 versions of Template::Toolkit should be supplied via CPAN is an entirely different question than whether we should add various PPM packages per distribution.

Furthermore, I do know organizations who only allow thoroughly inspected code to be used. But that doesn't matter. It's a question of principle.

Why would you view the authors of source distributions as trustworthy, and those same people packaging those same modules in binary form as untrustworthy? If you have the processes and procedures in place to verify the integrity of your systems when you build a module from CPAN via a source distribution, those same processes and procedures should also be used to detect miscreant binary installations.

That's ridiculous. Disassemble shared libraries? I don't think so. Also, you suggested that anybody should be able to upload PPMs for any modules.

Steffen


Comment on Re^4: Getting Fed Up with ActiveState
Re^5: Getting Fed Up with ActiveState
by BrowserUk (Pope) on Dec 03, 2006 at 21:00 UTC
    That's ridiculous. Disassemble shared libraries?

    It would be, had that been what I suggested, but I did not. But that you bring it up as a strawman to knock down signposts your intent.

    Ensuring the integrity of your systems by static inspection of code is impossible, even for only moderately complex software.

    The correct way to test software is by running it and observing it's behaviour. Eg. In a sandox environment. Anything less is make-work for a false sense of security.

    you suggested that anybody should be able to upload PPMs for any modules.

    Where?


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
      Where?

      I'm sorry. You didn't suggest that anybody should be able to upload PPMs for any modules. I read through the whole thread including Limbic Region's post which is quoted below and several of your posts. I mixed them up. I was confident that you wrote that. I should have double-checked. Sorry.

      Limbic Region wrote:

      If the author didn't develop on Win32 there should still be a mechanism to allow someone else to provide the binary distribution.

      Steffen

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://587536]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (10)
As of 2014-12-21 16:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (106 votes), past polls