Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re: why I will not use ActiveState again

by syphilis (Canon)
on Dec 01, 2006 at 13:54 UTC ( #587189=note: print w/ replies, xml ) Need Help??


in reply to why I will not use ActiveState again
in thread Getting Fed Up with ActiveState

They totally replaced File::Path with another implementation that has different bugs and the same version number

You're quite right - which surprised me. A diff of ActivePerl build 819 and perl 5.8.8 built from CPAN source produced (in part) the following:

-our $VERSION = "1.08"; # but modified for ActivePerl +our $VERSION = "1.08";
I think they should have at least made mention of the modification in the File::Path documentation.

Cheers,
Rob


Comment on Re: why I will not use ActiveState again
Download Code
Re^2: why I will not use ActiveState again
by gisle (Novice) on Dec 01, 2006 at 23:18 UTC
    You'll find the following note in the ActivePerl ChangeLog:
    * File::Path's rmtree() function has been replaced to address security vulnerability CAN-2005-0448.

    We have basically adopted the version from Debian Linux.

    BTW, we also publish this patch file that documents how the current ActivePerl differs from the official 5.8.8.

      Unfortunately, when someone comes to me and says, "Your module produces errors or warnings on my ActivePerl install," it's difficult for me to determine that it's because a core module several layers up the chain is different. I certainly don't want to consult that patch file for every recursively included module. The changed rmtree didn't just address some vulnerability, it introduced at least one new behavior, carping on [] as the first arg to rmtree. With a core that doesn't behave like the perl core, it's harder to support. The changes may be minor, but they're distracting and make debugging take significantly longer where it shouldn't, liked in pure Perl modules. As someone who tries to support every platform, I find it very frustrating.
      rjbs
        it's difficult for me to determine that it's because a core module several layers up the chain is different

        I think that point of yours (along with the rest of your post) is fair enough. And I also think that ActiveState's decision to modify the module is fair enough.

        So ... let's get constructive about the issue ... what should they be doing (from the perspective of a module author) when they perceive a need to amend a core module ?

        Cheers,
        Rob

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://587189]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (5)
As of 2014-07-24 03:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (156 votes), past polls