
Re: Malware on CPAN

by thomas895 (Chaplain)
on Jun 20, 2012 at 21:50 UTC ( #977482=note )

in reply to Malware on CPAN

It's called reading the code. Of course, everything can be abused in one way or another, but the trick is to avoid sketchy modules and suspicious authors.
If you are truly paranoid, use a VM image and install it on that to see if it does anything malicious.

Also, while the binary packages for your system can be useful, it's sometimes best to avoid them. On openSUSE, if you become part of the build service, you can upload what you have compiled from the CPAN (for example), with your own malicious tweaks. Of course, that is one way to get nasty emails and negative "internetz". ;-)
As a security precaution, I only use the official repos, which contain tested and verified software. Of course, nothing is guaranteed, and it's always possible something slipped through. Generally, however, I do not use the home:* repos.

confess( "I offer no guarantees on my code." );
