File permission vulnerabilities and Module::Pluggable
David Cantrell
david at cantrell.org.uk
Wed Jan 21 12:12:52 GMT 2009
On Wed, Jan 21, 2009 at 12:46:45AM +0000, Johan Lindstr?m wrote:
> At 23:47 2009-01-20, Simon Wistow wrote:
> >Thoughts?
> Make it optional. But feature both the dependency and the config
> parameter prominently in the docs. Especially in the SYNOPSIS.
> See it as a Teachable Moment.
Optional, with a warning if the feature's not available. Make it
possible to disable the warning with an import() parameter.
The warning should point at the line of code where Module::Pluggable is
being loaded, so that the user knows exactly where to turn it off.
For extra evil and getting the word out to any authors who depend on
your module but don't themselves have the most recent version, die()
when the warning isn't turned off, and the extra feature isn't
available, and it's not just your test suite being run, and
AUTOMATED_TESTING is set in the environment :-)
--
David Cantrell | Minister for Arbitrary Justice
You can't spell AWESOME without ME!
More information about the london.pm
mailing list