Bug#942851: perl-modules-5.30: CPAN.pm is insecure by default, no warnings
Vincent Lefevre
vincent at vinc17.net
Thu Oct 24 09:39:44 BST 2019
On 2019-10-23 22:20:04 +0300, Niko Tyni wrote:
> FWIW this has been the case since forever.
Yes, but almost no-one knows about this security issue. Using the
CPAN client is generally recommended on the web, but I have never
seen any mention of this security issue, not even on the cpan website:
https://www.cpan.org/modules/INSTALL.html
The "quick start" starts with "cpan App::cpanminus"...
Even I was quite surprised. Security may not have been much concerned
10 - 15 years ago, but nowadays one expects that software is safe
(modulo bugs).
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the Perl-maintainers
mailing list