
Re^2: why I will not use ActiveState again

by gisle (Novice)
on Dec 01, 2006 at 23:18 UTC


in reply to Re: why I will not use ActiveState again
in thread Getting Fed Up with ActiveState

You'll find the following note in the ActivePerl ChangeLog:
* File::Path's rmtree() function has been replaced to address security vulnerability CAN-2005-0448.

We have basically adopted the version from Debian Linux.

BTW, we also publish this patch file that documents how the current ActivePerl differs from the official 5.8.8.


Replies are listed 'Best First'.
Re^3: why I will not use ActiveState again
by rjbs (Pilgrim) on Dec 02, 2006 at 14:02 UTC
    Unfortunately, when someone comes to me and says, "Your module produces errors or warnings on my ActivePerl install," it's difficult for me to determine that it's because a core module several layers up the chain is different. I certainly don't want to consult that patch file for every recursively included module. The changed rmtree didn't just address some vulnerability, it introduced at least one new behavior, carping on [] as the first arg to rmtree. With a core that doesn't behave like the perl core, it's harder to support. The changes may be minor, but they're distracting and make debugging take significantly longer where it shouldn't, like in pure Perl modules. As someone who tries to support every platform, I find it very frustrating.
    rjbs
      it's difficult for me to determine that it's because a core module several layers up the chain is different

      I think that point of yours (along with the rest of your post) is fair enough. And I also think that ActiveState's decision to modify the module is fair enough.

      So ... let's get constructive about the issue ... what should they be doing (from the perspective of a module author) when they perceive a need to amend a core module ?

      Cheers,
      Rob

        Duh. You change the version number whenever you allow a change to any module to escape your tight little grasp.

        In the case of emergency changes, try to change the version number in a way that won't conflict with the next version that the real author of the module is likely already working on and will be releasing soon, before he notices that you've upgraded out of his control. I usually do this by incrementing by a smaller-than-usual amount (such as appending "001" to the end).

        - tye        

        what should they be doing (from the perspective of a module author) when they perceive a need to amend a core module

        My two cents: at a minimum, make sure anything that dies/carps mentions that it's a patched version of the module and bump/alter the version number. Better would be to get the patch taken upstream -- or, in this case, perhaps, get File::Path pulled out as a dual core/CPAN module so the patch could be made generally available in the "latest" release of the module on CPAN.

        -xdg

        Code written by xdg and posted on PerlMonks is public domain. It is provided as is with no warranties, express or implied, of any kind. Posted code may not have been tested. Use of posted code is at your own risk.
