use Perl

• Tar hacks (Score:1)

  by dagolden (6584)

  This was a recent security hole fix for PAUSE/CPAN.

  On Windows, someone on the module-authors list found that they needed to rename their "tar" binary to "gnutar" and then create a tar.bat file that had this single line

  gnutar %* --owner=0 "--mode=0700"

  Andreas suggested that mode should really be 0755, so I'd suggest trying that first before falling back to 0700.

  -- dagolden
  • Re: (Score:1)

    by cosimo (4138)

    David, thanks for the tip.

    Frankly, I'm thinking that, like me, many CPAN authors that occasionally develop on Win32 will probably not know what's happening and how to fix.

    Do we need to patch our build tools (EU::MM and friends?) I could help here. And yes, it will take ages for everyone to upgrade, I know, but still...
    • Re: (Score:1)

      by dagolden (6584)

      A patch to EU::MM would help. Then Andreas could have the Indexer warning point people to upgrade their EU::MM.

      -- David
  • Re: (Score:1)

    by cosimo (4138)

    I tried this hack, and it sort of works. I had to drop the --owner=0 part, or my tar.exe would complain about non existing owner.

    I ended up with:

    move c:\bin\tar.exe c:\bin\gnutar.exe
vim c:\bin\tar.bat


    In tar.bat:

    @echo off
c:\bin\gnutar.exe %* --mode=0755


    Uploaded the new Imager-SkinDetector 0.02 on CPAN and it was indexed correctly. Thanks!
• See perl-qa (Score:2)

  by brian_d_foy (44)

  See the recent threads on the perl-qa list, especially Dealing with World-writable Files in the Archive of CPANDistributions [perl.org]. :)
  • Re: (Score:1)

    by cosimo (4138)

    Yes, I'm on perl-qa. But I gave up reading that thread, for several reasons...
• Motivation? (Score:1)

  by stu42j (6348)

  Is this module just an excuse to assemble a collection of "sample images" for testing? ;)
  • Re: (Score:1)

    by cosimo (4138)

    Partly, yes. Damn, you caught me. :-)