Re: Malware on CPAN

by thomas895 (Chaplain)
on Jun 20, 2012 at 21:50 UTC ( #977482=note )

in reply to Malware on CPAN

It's called reading the code. Of course, everything can be abused in one way or another, but the trick is to avoid sketchy modules and suspicious authors.
If you are truly paranoid, use a VM image and install it on that to see if it does anything malicious.

Also, while the binary packages for your system can be useful, it's sometimes best to avoid them. On openSUSE, if you become part of the build service, you can upload what you have compiled from the CPAN (for example), with your own malicious tweaks. Of course, that is one way to get nasty emails and negative "internetz". ;-)
As a security precaution, I only use the official repos, which contain tested and verified software. Of course, nothing is guaranteed, and it's always possible something slipped through. Generally, however, I do not use the home:* repos.

confess( "I offer no guarantees on my code." );
