Bug#571623: "version: !perl/Module::Build::Version" results in broken Debian version
Jozef Kutej
jozef at kutej.net
Fri Feb 26 16:44:05 UTC 2010
Damyan Ivanov wrote:
> Shouldn't this be loaded by the module which parses META.yml? In
> dh-make-perl's case this is the YAML module (I also tried with
> YAML::Syck and YAML::XS).
hmm that could be a security risk, if by loading yaml file some other module
would be automatically loaded, or?
> I mean, how would dh-make-perl know that it has to pre-load module X?
Class-Accessor-Assert-1.40$ perl -MScalar::Util=blessed -MYAML::Syck -le 'print
blessed LoadFile("META.yml")->{'version'}'
Module::Build::Version
so it is theoretically possible to get the class if the version is blessed and
then load it if not loaded. but i would go for a safe choice of just adding "use
Module::Build::Version;" line to DhMakePerl.pm. if there will be more META.yml-s
with strange classes than it could be reconsidered.
still i can send a patch that will load the {'version'} class if you'll want it.
j
More information about the pkg-perl-maintainers
mailing list