CPAN - Should Module::Signature's usage be a configurable option?

Posted on Thu Jan 12 21:04:49 2006 by cpanelben
Should Module::Signature's usage be a configurable option?
In the latest versions of CPAN, Module::Signature will be used if available. In theory I think this is a great idea, but in practice it seems to be causing more harm than good. I've come across several modules with invalid SIGNATURE files/missing gpg keys on public servers (and yes, I've contacted the authors). I'm sure that Module::Signature can be optimized to handle the missing gpg keys a little more robustly (currently a missing public key means the module cannot be installed through CPAN/CPANPLUS), but I personally would like to see a CPAN/CPANPLUS option to make gpg signature checking optional while the Module::Signature code matures a bit more. I know that I can simply remove Module::Signature, but I have to script this on a variety of platforms and I cringe at the idea of trying to handle this safely.