|laziness, impatience, and hubris|
On "fixing" Perl core modules "in place"by tlm (Prior)
|on May 16, 2006 at 19:54 UTC||Need Help??|
tlm has asked for the
wisdom of the Perl Monks concerning the following question:
I'm about to blow a gasket. Hopefully writing this question for my fellow monks will let me blow off some steam.
Today, suddenly several of my scripts were failing, out of the blue. After looking in all the obvious places for what the problem could be, I found out that someone in our team had decided to "fix" /usr/lib/perl5/5.8.6/CGI/Carp.pm. (Yes, the copy used by every other user of our system.) The "fix" actually produced a version of CGI/Carp.pm that didn't even compile...
(I shudder to think how many other such "fixes" have slid through undetected.)
In the aftermath of the whole incident, the person who instigated the fix conceded that the process of applying this "fix" had not been executed properly, but still he insisted that he saw nothing wrong, in principle, with replacing /usr/lib/perl5/5.8.6/CGI/Carp.pm with a home-doctored version.
This is when I had to bite my tongue, count to 10, and focus on not going ballistic.
The thing is, it seems to me so obvious that one shouldn't muck with anything in /usr/lib/perl5 that I actually have a hard time explaining it to someone who doesn't already see it. So maybe it's all just a prejudice on my part...
(To add irony to injury, the motivation for the "fix" was that this person considers that CGI::Carp produces error messages that would be confusing to most users. Now, as merlyn often points out, letting untrusted users see CGI::Carp messages is a security breach, so worrying about confusing users with CGI::Carp messages implies a misuse of CGI::Carp. But, I was already having a hard enough time making the case for the obvious, so I figured I'd leave the (maybe) less obvious for some other day.)
In the past, whenever I haven't liked the way some module from CPAN behaves, I make a copy of the module, put it in my privlib, and change it there. Depending on the situation, I may subclass the original class, or just cannibalize the code I need and stick in a new module. There are many approaches, but the one thing they all have in common is that they leave the shared stuff intact. Isn't this all self-evident?
Any persuasive talking points and any other words of wisdom on the subject would be much appreciated.
(There. I'm feeling much better already.)
the lowliest monk