Randy J. Ray wrote:
I'm a fairly-recent addition to the list. I've read a good part of the
Welcome!
Secondly, having recently added digital-signing to a few of my modules, perhaps the presence of a SIGNATURE file might be a Kwalitee marker (with the caveat that it should be an actual Module::Signature-generated artifact, not just a zero-length file named "SIGNATURE"). I found the steps needed to add this to be pretty simple, not much more work than adding POD and POD-coverage tests to those same modules.
Module::Signature has caused a problem at various points for people who have it installed, but not configured properly. Given that, some developers have started removing SIGNATURE to improve compatibility.
Given that Mod::Sig checks are just that the signature is valid, not that the signature matches a known/registered developer, the security aspect is already minimal.
Regards, David Golden
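
The caveat raised in the thread (a real Module::Signature artifact rather than a zero-length file named SIGNATURE) can be checked structurally, as in this added example, which is not part of the thread and not CPANTS or Module::Signature code. The function name and the sample file are constructed for illustration; the check does not verify the OpenPGP signature and says nothing about who the signer is.

```perl
use strict;
use warnings;

# Structural check only: returns (ok, reason). It neither verifies the
# signature nor ties it to a known developer.
sub looks_like_module_signature {
    my ($text) = @_;
    return (0, 'empty file') unless defined $text && $text =~ /\S/;

    # Clear-signed layout: armor header, "Hash:" header(s), blank line, digests.
    my ($body, $sig) = $text =~ /
        ^-----BEGIN\ PGP\ SIGNED\ MESSAGE-----\r?\n
        (?:Hash:[^\n]*\n)*\r?\n
        (.*?)
        ^-----BEGIN\ PGP\ SIGNATURE-----\r?\n
        (.*?)
        ^-----END\ PGP\ SIGNATURE-----
    /xms;
    return (0, 'no clear-signed block') unless defined $body;
    return (0, 'empty signature block') unless $sig =~ /^[A-Za-z0-9+\/=]{4,}\r?$/m;

    # Digest lines have the form "<ALGORITHM> <hex digest> <path>".
    my @digests = $body =~ /^(?:SHA\w*|MD5|RIPEMD160) [0-9a-f]{32,128} \S.*$/mg;
    return (0, 'no digest lines') unless @digests;
    return (1, scalar(@digests) . ' digest line(s)');
}

my $sample = <<'END';   # constructed sample, not a real signature
This file contains message digests of all files listed in MANIFEST,
signed via the Module::Signature module.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 MANIFEST
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 lib/Example.pm
-----BEGIN PGP SIGNATURE-----

Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END PGP SIGNATURE-----
END

for my $case (['zero-length', ''], ['constructed', $sample]) {
    my ($ok, $why) = looks_like_module_signature($case->[1]);
    printf "%-12s %s (%s)\n", $case->[0], $ok ? 'PASS' : 'FAIL', $why;
}
```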