in reply to Production Environments and "Foreign" Code
However I can understand a policy of saying "this and this and this and this we take from the outside, and anything else needs to be evaluated first". Anyone can upload as much crap on CPAN as they wish. The standard distribution has been tested by a lot of people - but you don't know that from some random module on CPAN. I don't share the often voiced opinion "if it's on CPAN, it has to be good", although it's usually not said with those words. There are a lot of crap coders out there. There are a lot of crap Perl coders out there as well. All that's required to upload something to CPAN is pushing a few buttons on a webpage. Pause is not a 'bad code' firewall.
I've used CPAN modules in production code. But only well used modules, which have gotten good reviews.