Re: [Module-build-general] signature verification and some bug fixes
Status: Beta
Brought to you by:
kwilliams
Menu
▾
▴
Re: [Module-build-general] signature verification and some bug fixes
|
From: Dave R. <au...@ur...> - 2003-07-04 03:45:04
|
On Thu, 3 Jul 2003, Ken Williams wrote: > > On Thursday, July 3, 2003, at 02:25 PM, Dave Rolsky wrote: > > Oops, I was wrong. It respects your MANIFEST.SKIP file. But that > > _would_ > > need to be included in the released distro, which is probably worth > > noting > > somewhere in the docs. > > I think maybe the right thing to do would be to check somewhere in > new() for the presence of a SIGNATURE file, and for whether > Module::Signature is available, and if so, to attempt to verify the > signature. This would (typically) happen before any other files got > created, so it should generally work. > > However, the REAL right time to do it is BEFORE running the Build.PL > file, obviously - if you're already running scripts you downloaded off > the net, it's a little late to be checking signatures! So I'm thinking > we might want to not support this at all, on general principle. Good point. This should really be integrated in CPAN.pm and CPANPLUS. -dave /*======================= House Absolute Consulting www.houseabsolute.com =======================*/ |
