in reply to
Malware on CPAN
I haven't heard of any malicious code upload to CPAN.
I know of 3 in the last 12 years which were quasi-fishy uploads with potential
Mostly its just tar permissions nonsense that linux folks complain to win32 folks -- PAUSE was updated to deal with that (withoutworldwritables)
There was one real phone-home thing, and the author took to the criticism, and stopped doing that
Lots of net/web modules use real-live urls for testing, or try to start servers on local-network instead of explicitly localhost -- I keep fighting this one, but nothing nefarious
There is one thing still on CPAN which could be used for perl rootkits ( i don't want to publicize it) but its NA (45) UNKNOWN (155)
There is one thing still on CPAN which could be used for perl rootkits
If that's a real threat (and not just FUD), you should contact email@example.com to discuss it, and maybe request removal of that file.
Well, I already raised the issue once in opinions on, feel free to take it up :)
Results (354 votes),