In http://rt.cpan.org/Ticket/Display.html?id=17934, a Test::MockObject user
dislikes the t/0-signature.t test that always runs. If the user does not
have Module::Signature installed, no tests run. If the user does have
Module::Signature installed but not configured properly, the test will fail.
If it is the case that CPAN and CPANPLUS check signatures, if the user has the
proper modules installed, is there value in including this test with signed
distributions?
-- c
The problem with these is that Module::Signature fails when it
should warn if the key is not present in the user's keyring.
If this technical issue is solved then regardless of whether or not
signature tests are useless (i think they are, but then again i also
think i have some modules with Test::Distribution that checks
that... so I am a hypocrit ;-) the usability of these tests will be
good enough.
(I'm CCing audrey so that she'll know I'm dissing her module ;-)
--
() Yuval Kogman <nothi...@woobling.org> 0xEBD27418 perl hacker &
/\ kung foo master: /me beats up some cheese: neeyah!!!!!!!!!!!!!!!!!
The main problem seemed to be that it will install even if it's
configuration cannot be confirmed, when I think it might be preferable
to not install at all if it cannot be confirmed.
I've also move Module::Signature into the Module::Install repository
(which seems to be fast becoming an orphanage for collaboratively
maintaining installation toolchain modules without a strongly active
author).
So if anyone already has commit for Module::Install and can think of
small improvemens to make, you should be able to help fix Module::Signature.
Adam K
> Hi all,
> In http://rt.cpan.org/Ticket/Display.html?id=17934, a Test::MockObject user
> dislikes the t/0-signature.t test that always runs.
I have filed a couple of bug reports against distributions with a
wrong signature and I have even released such myself. Now, with a
combination of having t/0-signature.t and a dependency from 'release'
to 'disttest', this cannot happen.
qed:)
--
andreas
I think it should be like the standard Test::Pod's pod.t and only run
when an env var is set to true.
Patches... welcome to Module::Signature. :-)
Audrey
> I think it should be like the standard Test::Pod's pod.t and only run
> when an env var is set to true.
>
> Patches... welcome to Module::Signature. :-)
Do you mean that it's valuable only for the author to run (perhaps during
disttest) and rarely useful for the user to run during installation?
-- c
Aye. Though I can imagine users who'd like to run them as well... This is
after all not that different from the Test::Pod situation, in it that it
verifies integrity of the distribution and not the module's function itself.
Audrey
For a user, how does signature.t act differently to the built-in
signature checking of CPAN.pm.
What does it add? (apart from hung blocky non-blocking connections to
the keyserver on Win32) :(
Adam K
It adds the annoyance that a local test suddenly wants to connect to the
outside world. Thats fun, when the outside world is not available...
Best wishes,
Tels
--
Signed on Sat Mar 18 09:33:06 2006 with key 0x93B84C15.
Visit my photo gallery at http://bloodgate.com/photos/
PGP key on http://bloodgate.com/tels.asc or per email.
Kernel Panik is here! - http://ubersoft.net/kpanic/