>>>>> On Mon, 22 Feb 2010 16:26:51 -0800, Michael G Schwern <schw...@pobox.com> >>>>> said:
> Adam Kennedy wrote: >> You should not add MYMETA.yml to the MANIFEST, it will NEVER ship to CPAN. >> >> Remove the signature test. > ...because its redundant, complicates testing, has little security > value and provides a false sense of security. > If a 3rd party has hijacked the tarball they can simply change the > signature test to always pass. In short, you're trusting the > untrusted code to do a self-diagnostic and tell you if you can trust > it. Your CPAN shell will already do a signature check. None of the above is a reason to tell people to drop a test. While I don't know what the bug is that the OP asked about it is no solution to suggest dropping a test. Next time you suggest to drop all tests, right? Oh, yes, maybe this is the solution to all testing problems. -- andreas
