No, I think I perfectly understood. Maybe you missed the part in my previous post that said "if your .t file starts as..." That is, if one of your test files starts with that hash-bang line, even if you're on Windows, "make test" will run it under taint mode. (I don't think ExtUtils::* has anything to do with this, I think it's just that when the perl subprocess starts up, it reads that first line and interprets it.) If other unit test files do not have the -T, then those test files will not run under taint.

Test::Taint is related, but it won't do you much good without that -T flag on the hash-bang line.

I suspect you're thinking this is harder than it appears :-)

Remember that each .t file really is just a .pl file with a different extention denoting its purpose (test). Everything beyond that is simply convention. By convention, .t files test. By convention, .t files output TAP. By convention, .t files are only run by a TAP harness (such as prove). By unfortunate hysterical raisins, .t files are run with the -w flag given to perl.

I stand corrected. I added #!/usr/bin/env perl -T to the top of the file and print STDERR ("\n\n\nTaint = '", ${^TAINT}, "'\n\n\n"); down where the first test would be, and sure enough it printed "Taint = 1" on the console. I was under the mistaken impression that "make test" didn't load the .t file directly, but instead ran it in an eval.

Sorry I doubted you!