[Israel.pm] [Fwd: Failed: PAUSE indexer report SEMUELF/Data-ParseBinary-0.07.tar.gz]

Yitzchak Scott-Thoennes sthoenna at efn.org
Tue Sep 23 13:57:35 PDT 2008


See http://www.nntp.perl.org/group/perl.qa/2008/09/msg11568.html and (in
that thread) http://www.nntp.perl.org/group/perl.qa/2008/09/msg11568.html

Basically, your packaging presents a security threat; someone installing
your module can untar it and something come along and overwrite the
contents of Makefile.PL before it's run.

And Andreas has made the call to prevent indexing such packages, knowing
that that will cause a lot of pain (and presumably a lot of pressure to
fix whatever is wrong with people's build practices/tools that is
causing the problem).

On Tue, September 23, 2008 1:42 pm, Shmuel Fomberg wrote:
> Hi All.
>
> What does that means?
>
> Shmuel.
>
> -------- Original Message --------
> Subject: 	Failed: PAUSE indexer report
> SEMUELF/Data-ParseBinary-0.07.tar.gz
> Date: 	Tue, 23 Sep 2008 22:22:55 +0200
> From: 	PAUSE <upload at pause.perl.org>
> To: 	owner at semuel.co.il, andreas.koenig.gmwojprw+pause at franz.ak.mind.de
>
>
>
>
> The following report has been written by the PAUSE namespace indexer.
> Please contact modules at perl.org if there are any open questions.
> Id: mldistwatch.pm 1063 2008-09-23 05:23:57Z k
>
>
> User: SEMUELF (Shmuel Fomberg)
> Distribution file: Data-ParseBinary-0.07.tar.gz
> Number of files: 38
> *.pm files: 18
> README: Data-ParseBinary-0.07/README
> META.yml: No META.yml found
>
>
> META-driven index: no
> Timestamp of file: Tue Sep 23 20:21:24 2008 UTC
> Time of this run: Tue Sep 23 20:22:55 2008 UTC
>
>
> The distribution contains the following world writable directories or
> files and is therefore considered a security breach and as such not being
> indexed: Data-ParseBinary-0.07/ Data-ParseBinary-0.07/lib/Data/
> Data-ParseBinary-0.07/lib/Data/ParseBinary/
> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/
> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/ Data-ParseBinary-0.07/t/
> Data-ParseBinary-0.07/Changes Data-ParseBinary-0.07/MANIFEST
> Data-ParseBinary-0.07/Makefile.PL Data-ParseBinary-0.07/README
> Data-ParseBinary-0.07/lib/Data/ParseBinary.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/Adapters.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/Constructs.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/Core.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/Bit.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/File.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/String.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/StringBuffer.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/Wrapper.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/Streams.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/DataCap.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/ExecELF32.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/ExecPE32.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/FileSystemMbr.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsBMP.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsEMF.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsPNG.pm
> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsWMF.pm
> Data-ParseBinary-0.07/t/01various.t Data-ParseBinary-0.07/t/02streams.t
> Data-ParseBinary-0.07/t/03lib.t Data-ParseBinary-0.07/t/_ctypes_test.so
> Data-ParseBinary-0.07/t/bitmapx1.bmp
> Data-ParseBinary-0.07/t/bitmapx24.bmp
> Data-ParseBinary-0.07/t/bitmapx4.bmp
> Data-ParseBinary-0.07/t/bitmapx8.bmp Data-ParseBinary-0.07/t/cap2.cap
> Data-ParseBinary-0.07/t/emf1.emf Data-ParseBinary-0.07/t/notepad.exe
> Data-ParseBinary-0.07/t/png1.png Data-ParseBinary-0.07/t/png2.png
> Data-ParseBinary-0.07/t/python.exe Data-ParseBinary-0.07/t/sqlite3.dll
> Data-ParseBinary-0.07/t/wmf1.wmf . Hint: maybe try 'make dist' or 'Build
> dist'.
>
>
> __END__
>
>
>
> _______________________________________________
> Perl mailing list
> Perl at perl.org.il
> http://perl.org.il/mailman/listinfo/perl
>
>





More information about the Perl mailing list