Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

What is the Value of t/0-signature.t?

1 view
Skip to first unread message

Chromatic

unread,
Mar 9, 2006, 3:51:02 PM3/9/06
to per...@perl.org
Hi all,

In http://rt.cpan.org/Ticket/Display.html?id=17934, a Test::MockObject user
dislikes the t/0-signature.t test that always runs. If the user does not
have Module::Signature installed, no tests run. If the user does have
Module::Signature installed but not configured properly, the test will fail.

If it is the case that CPAN and CPANPLUS check signatures, if the user has the
proper modules installed, is there value in including this test with signed
distributions?

-- c

Yuval Kogman

unread,
Mar 9, 2006, 3:55:25 PM3/9/06
to chromatic, per...@perl.org, autr...@cpan.org
On Thu, Mar 09, 2006 at 12:51:02 -0800, chromatic wrote:
> Hi all,
>
> In http://rt.cpan.org/Ticket/Display.html?id=17934, a Test::MockObject user
> dislikes the t/0-signature.t test that always runs. If the user does not
> have Module::Signature installed, no tests run. If the user does have
> Module::Signature installed but not configured properly, the test will fail.

The problem with these is that Module::Signature fails when it
should warn if the key is not present in the user's keyring.

If this technical issue is solved then regardless of whether or not
signature tests are useless (i think they are, but then again i also
think i have some modules with Test::Distribution that checks
that... so I am a hypocrit ;-) the usability of these tests will be
good enough.

(I'm CCing audrey so that she'll know I'm dissing her module ;-)

--
() Yuval Kogman <nothi...@woobling.org> 0xEBD27418 perl hacker &
/\ kung foo master: /me beats up some cheese: neeyah!!!!!!!!!!!!!!!!!

Adam Kennedy

unread,
Mar 9, 2006, 4:09:56 PM3/9/06
to per...@perl.org
I've started to do a little bit of work on Module::Signature.

The main problem seemed to be that it will install even if it's
configuration cannot be confirmed, when I think it might be preferable
to not install at all if it cannot be confirmed.

I've also move Module::Signature into the Module::Install repository
(which seems to be fast becoming an orphanage for collaboratively
maintaining installation toolchain modules without a strongly active
author).

So if anyone already has commit for Module::Install and can think of
small improvemens to make, you should be able to help fix Module::Signature.

Adam K

Andreas J. Koenig

unread,
Mar 9, 2006, 11:30:33 PM3/9/06
to chromatic, per...@perl.org
>>>>> On Thu, 9 Mar 2006 12:51:02 -0800, chromatic <chro...@wgz.org> said:

> Hi all,
> In http://rt.cpan.org/Ticket/Display.html?id=17934, a Test::MockObject user
> dislikes the t/0-signature.t test that always runs.

I have filed a couple of bug reports against distributions with a
wrong signature and I have even released such myself. Now, with a
combination of having t/0-signature.t and a dependency from 'release'
to 'disttest', this cannot happen.

qed:)
--
andreas

Audrey Tang

unread,
Mar 10, 2006, 5:38:00 AM3/10/06
to chromatic, per...@perl.org, autr...@cpan.org
Yuval Kogman wrote:
> The problem with these is that Module::Signature fails when it
> should warn if the key is not present in the user's keyring.
>
> If this technical issue is solved then regardless of whether or not
> signature tests are useless (i think they are, but then again i also
> think i have some modules with Test::Distribution that checks
> that... so I am a hypocrit ;-) the usability of these tests will be
> good enough.

I think it should be like the standard Test::Pod's pod.t and only run
when an env var is set to true.

Patches... welcome to Module::Signature. :-)

Audrey

signature.asc

Chromatic

unread,
Mar 16, 2006, 1:42:09 PM3/16/06
to Audrey Tang, per...@perl.org, autr...@cpan.org
On Friday 10 March 2006 02:38, Audrey Tang wrote:

> I think it should be like the standard Test::Pod's pod.t and only run
> when an env var is set to true.
>
> Patches... welcome to Module::Signature. :-)

Do you mean that it's valuable only for the author to run (perhaps during
disttest) and rarely useful for the user to run during installation?

-- c

Audrey Tang

unread,
Mar 17, 2006, 12:12:32 PM3/17/06
to chromatic, Audrey Tang, per...@perl.org, autr...@cpan.org
On 3/17/06, chromatic <chro...@wgz.org> wrote:
>
> Do you mean that it's valuable only for the author to run (perhaps during
> disttest) and rarely useful for the user to run during installation?


Aye. Though I can imagine users who'd like to run them as well... This is
after all not that different from the Test::Pod situation, in it that it
verifies integrity of the distribution and not the module's function itself.

Audrey

Adam Kennedy

unread,
Mar 17, 2006, 9:39:20 PM3/17/06
to per...@perl.org

For a user, how does signature.t act differently to the built-in
signature checking of CPAN.pm.

What does it add? (apart from hung blocky non-blocking connections to
the keyserver on Win32) :(

Adam K

Tels

unread,
Mar 18, 2006, 3:33:49 AM3/18/06
to per...@perl.org
Moin,

It adds the annoyance that a local test suddenly wants to connect to the
outside world. Thats fun, when the outside world is not available...

Best wishes,

Tels

--
Signed on Sat Mar 18 09:33:06 2006 with key 0x93B84C15.
Visit my photo gallery at http://bloodgate.com/photos/
PGP key on http://bloodgate.com/tels.asc or per email.

Kernel Panik is here! - http://ubersoft.net/kpanic/

0 new messages