Tels wrote:
And, "improve compatibility" - with broken systems? OMG. :)
Yeah, you know, like when you comment this out before release :-)
# die("Sorry, you must have a computer to run this software\n")
# if($^O =~ /win32/i);
Given that Mod::Sig checks are just that the signature is valid, not
that the signature matches a known/registered developer, the security
aspect is already minimal.
This is a security bug and should then be fixed ASAP.
Given that you have to be logged in to the PAUSE and have permission to
upload stuff for that module, then I don't think that signatures matter
in the slightest. It doesn't give you any kind of trust metric (like,
say, that the author is a nice guy and his Makefile.PL won't delete your
home directory) that you don't already have from the fact that my module
had to have been uploaded by me.
--
David Cantrell
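
The distinction drawn in this thread, between a signature that merely verifies and one made by a known developer, shown as an added example (not part of the original message and not Module::Signature's own code). It parses constructed GnuPG `--status-fd` output and compares the signer against a hypothetical pinned allowlist; `PINNED`, the distribution name and all fingerprints are made up.

```python
# Constructed allowlist: distribution name -> fingerprints of keys expected to sign it.
AUTHOR_FPR = "A" * 40      # made-up fingerprint of the expected author key
STRANGER_FPR = "B" * 40    # made-up fingerprint of some other, unrelated key
PINNED = {"Example-Dist": {AUTHOR_FPR}}

# GnuPG status keywords treated as verification failure in this example.
FAIL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
PREFIX = "[GNUPG:] "

def parse_status(status_text):
    """Return (valid, primary_fingerprint) from GnuPG --status-fd lines."""
    valid, fpr = False, None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        parts = line[len(PREFIX):].split()
        if not parts:
            continue
        keyword, args = parts[0], parts[1:]
        if keyword in FAIL:
            return False, None          # any failure keyword overrides the rest
        if keyword == "VALIDSIG" and args:
            # Field 1 is the signing key fingerprint; field 10, when present,
            # is the primary key fingerprint.
            fpr = (args[9] if len(args) >= 10 else args[0]).upper()
            valid = True
    return valid, fpr

def check(dist, status_text):
    """Separate 'the signature verifies' from 'the signer is one we expect'."""
    valid, fpr = parse_status(status_text)
    pinned = valid and fpr in PINNED.get(dist, set())
    return {"signature_valid": valid, "signer_pinned": pinned}

def sample(fpr):
    # Constructed status output in the shape gpg emits for a good signature.
    return (f"{PREFIX}GOODSIG {fpr[-16:]} Constructed Signer <signer@example.org>\n"
            f"{PREFIX}VALIDSIG {fpr} 2005-01-01 1104537600 0 4 0 17 2 00 {fpr}\n")

BY_AUTHOR = sample(AUTHOR_FPR)
BY_STRANGER = sample(STRANGER_FPR)
TAMPERED = f"{PREFIX}BADSIG {AUTHOR_FPR[-16:]} Constructed Signer <signer@example.org>\n"

if __name__ == "__main__":
    for name, text in [("author", BY_AUTHOR), ("stranger", BY_STRANGER), ("tampered", TAMPERED)]:
        print(name, check("Example-Dist", text))
```

A validity-only check accepts both the author's and the stranger's signature; only the pinned comparison tells them apart.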