Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Ovid (2709)

  (email not shown publicly)
AOL IM: ovidperl (Add Buddy, Send Message)

Stuff with the Perl Foundation. A couple of patches in the Perl core. A few CPAN modules. That about sums it up.

Journal of Ovid (2709)

Wednesday September 13, 2006
08:35 AM

Naughty CPAN Modules

[ #30981 ]

You know, I don't feel comfortable that this file automatically tries to email the author of the module when installed via cpan or cpanplus. I suppose it's not a big deal for most folks, but it really bugs me when automated things do stuff I'm not expecting.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • What about a CPANTS rule "phone_home" which implies a penalty (negative score) for those modules? Well the problem is how to determine it is phoning home - should be hard to automate such detection. Well, right now, I think that a note at CPAN ratings would be better than nothing.
  • Hey, I saw people like this module (see Mail-Sendmail reviews [] at CPAN ratings). Maybe discussing with the author to change the code to ask permission or SKIP test unless a certain environment variable was defined could be a fast solution.
  • Normally, I'm totally opposed to a "phone_home" attempt hidden in a module, but this is for sendmail and it's in a test file.

    Moreover, the author has this disclaimer:

    # unattended Mail::Sendmail test, sends a message to the author
    # but you probably want to change $mail{To} below
    # to send the message to yourself.

    So this one doesn't bother me so much, as it seems well-intended as part of a test instead of being something for tracking purposes.

    There's probably a clever ways to test without actually need

    • The disclaimer doesn't matter much when you're running cpanplus and you see it scroll past and there's nothing you can do about it. Also, I'm sure there are plenty of folks who can think of reasons why they don't want email automatically sent, whether they saw a warning message flash by or not.

      And yes,someone (possibly me since I'm grumbling) should offer a patch. At the very least, something which prompts the person "do you really want to send an email?"

      • It might me just me, but if such mails bother you, perhaps you shouldn't blindly run software you downloaded from the web. Automatically even.
    • There is a warning when Makefile.PL is run but not very much time to cancel out if you really do not like the idea. A prompt would be nice.
      Not really too naughty , well compared to the CPAN module that (used to?) downloads some perl code from the authors website and eval it.
  • I've often wanted to know when people install one of my modules. Do you have a suggestion of a good way to do it? I was thinking of something like:

    local $SIG{ALARM} = sub { die "alarm" };
    print "[This question will timeout in 5 seconds and default to 'No']\n";
    my $val = eval { prompt("Send message to module author that you installed $module?", "Y") };
    $val = "N" if $@;
    if ($val =~ /^Y/i) {

    Would that be reasonable?

    • It might be reasonable if alarm() was portable!

      On the other hand, tracking users is probably as futile as web hit counters.
      • I thought the non-portability of alarm() was a solved problem? At least for simple cases like reading STDIN.
        • Well, as far as I know, alarm() doesn't work on win32. But I may well be wrong since I haven't tried it for some time.
    • I'd feel a lot more comfortable with that, but there's a better way. If you're using ExtUtil::MakeMaker (and I believe Module::Build offers the same functionality), then you can force a default if not running interactively. From the docs []:

      If prompt() detects that it is not running interactively and there is nothing on STDIN or if the PERL_MM_USE_DEFAULT environment variable is set to true, the $default will be used without prompting. This prevents automated processes from blocking on user input.

      • Interesting. But I'd almost *rather* the user could choose even under the CPAN shell to not send the info (but still have the default be 'Y'). Hence the alarm() so that it only blocks for 5 seconds.
    • A year or so ago I thrashed out a solution with #perl that sucked as little as possible, and was the least annoying thing we could come up with. []

      Whenever anyone asks about CPAN statistics or phone home implmentations, I point them at that.

      Although I have to say adding the idea of UDP is interesting and probably would add some value to it.
      • Adam, I like the idea. I think it is well thought out and deserves to be pushed. My only suggestion, as a tip o' the hat to the FOAD crowd is that it the setting should default to 'never', not 'ask'.

        The question can be asked the next time the config process is run, but defaulting to 'ask' is wrong, since you're now adding a new hoop to jump through by default, where none existed before.