我怎么知道我是否可以信任CPAN模块
[英]How do I know if I can trust a CPAN module
问题描述
I am just thinking before I install and use a CPAN module how do I know if it is safe to use it. 
我在安装和使用CPAN模块之前只是在考虑如何知道它是否安全使用它。
Anyone else has the same concern ? 其他人有同样的担忧吗?
Thanks 谢谢
1 个解决方案
解决方案1
3 已采纳 2014-03-06 06:17:51
There are various sides of being "safe to use": “安全使用”有各种各样的方面:
- Can I trust it, eg might it be malicious? 我可以相信它,例如它可能是恶意的吗? This is the question you should also ask to your operating system, perl installation, hardware producer etc. 这个问题也应该问你的操作系统,perl安装,硬件生产商等。
- Is the CPAN repository safe, eg did someone hack with the module? CPAN存储库是否安全,例如有人破解模块吗? While some modules have a signature most don't. 虽然有些模块有签名但大多数都没有。 So you might be better with using a packed module from your OS, which often add a signature when packing the module. 因此,使用操作系统中的压缩模块可能会更好,这通常会在打包模块时添加签名。
- Is the module stable enough to use? 模块是否足够稳定可供使用? For that you might look at the history, test coverage and bug statistics, eg does the author even care about the module any more or was it abandoned years ago with lots of bugs open. 为此您可以查看历史记录,测试覆盖率和错误统计信息,例如,作者是否甚至更关心模块或多年前放弃了大量的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何将 Perl 模块发布到 CPAN? - How do I release a Perl module to CPAN?
如何手动从CPAN编译XS模块? - How do I compile an XS module from CPAN manually?
如何使用Test :: Unit :: TestCase Perl CPAN模块? - How do I use the Test::Unit::TestCase Perl CPAN module?
如何开始为 CPAN 编写模块? - How do I get started writing a module for CPAN?
如何使用XS将CPAN模块导入项目? - how do I import a CPAN module using XS into my project?
如何在不安装CPAN模块的情况下安装deps? - How do I install deps for CPAN module without installing it?
如何关注特定CPAN模块的更新? - How can I follow a particular CPAN module's updates?
如何根据给定模块列出所有CPAN模块? - How can I list all CPAN modules depending on a given module?
如何将CPAN模块安装到本地目录中? - How can I install a CPAN module into a local directory?
如何告诉cpan更改模块安装的目标? - How can I tell cpan to change the target for the module installation?
相关标签