use Perl

• Good idea! (Score:1)

  by jj (2990)

  It would be great if the Imager::File::* modules could build a private copy of the required libraries in the module directory, similar to Alien::Zlib [cpan.org]. This would really simplify installation, especially for users without root access.
  • Re:Good idea! (Score:1)

    by tonyc (123) <{tony} {at} {develop-help.com}> on 2009.09.21 7:40 (#70647) Homepage Journal

    As a mechanism, I'd probably have it depend on Alien::libgif (for example) which could then could either detect or build libgif.

    My main problem with the typical Alien:: module is that it installs the module from source rather than as a native package for the current system, which means if the vendor releases any security updates Imager (or whatever) will still be using vulnerable libraries.

    One option could be to have Alien::libgif realize it was on a Debian system and then depend on say Alien::Debian::libgif which apt-get installs libgif-dev, or on Redhat, Alien::Redhat::libgif which yum installs giflib-devel

    Of course, if it detected libgif already installed it would just return that.

    If the system didn't have a known package manager (or libgif package) it could then install from source, possibly as Alien::Source::libgif.

    Of course, this could be overcomplex, but I really don't want to add extra insecure software to user's machines.

    Reply to This

    Parent

    • Re: (Score:1)

      by Alias (5735)

      The purpose of Alien:: is to not necessarily to install it from source.

      It's job is to ENSURE that it is on the system, and provide access to information about the installed version.

      You can quite reasonably have the regular Alien::libgif install from Debian if you want, or use the existing installed one, as long as it still compiles as a last resort, and it returns the information about the installed module.