On Fri, Apr 20, 2001 at 02:29:52PM -0400, Kirrily Skud Robert wrote:
> Johan and/or [EMAIL PROTECTED],
>
> What is the "official" best way to manage a module which may have
> different people acting as release managers over time? It seems
> like the only current way is to just have the release manager upload it
> under their own CPAN id.
I think that this just became an FAQ. You have accurately described
the "official" best way. modules@, should we craft a response and put it
on the web?
> This seems bad to me... currently CPAN allows anyone to upload anything
> with any name, so I (SKUD) could upload (for instance) an LWP module
> with a higher version number than the current one, and it could cause
> all kinds of problems. However, it would be fairly obvious that I'd
> done something bad, because someone would fairly rapidly realise that
> I'm not actually the maintainer of that module and spank me. Even that
> -- relying on a social fix to potentially dangerous exploits -- is
> pushing our luck, but at least it's *something*.
Could someone with more expertise (Andreas) field this question?
> If a module often changes hands, perhaps every couple of versions, then
> how will anyone know whether they can trust any given version?
One does not achieve trust of Open Source software based on finding
the source code in a particular directory.
> The situation becomes yet more complex when we have a family of modules,
> any of which could be maintained by different people over time.
> Wouldn't it be better to go to authors/id/R/RE/REEFKNOT/ and be able to
> see all the reefknot-related modules in one place? (We currently have
> Net::ICal, and will shortly have Net::ITIP, Net::IMIP, and a number of
> Reefknot::* modules).
CPAN.pm is the high-level interface to CPAN. One should not browse
the FTP directories directly and expect to be enlightened.
- Kurt
