Good points. About the lack of an "all-controling CPAN site" - do you think this is a good thing? Aside from the increased resource benefits and (possibly) reduced data loss from creating mirrors, are there any other positives you can think of? Do you think it outweighs problems of Mirrors being set up that could distribute (intentionally or not) buggy/trojaned modules? Also, does anyone know what measures are currently in place to prevent this? thanks.

I don't see any benefits for having an all-controlled CPAN site. What would be the point? And of course, currently it's now possible to upload buggy or trojaned modules. Remember that PAUSE/CPAN lets anyone upload anything. The only rule CPAN has that uploaded source code must be freely distributable. That's it. There's no "seal of quality" slapped on anything uploaded to CPAN.

Uploaded and distributing software over the internet is old. Older than Perl itself. Remember that perl1 was distributed in comp.sources, which was actively being archived.

Tell me, what would be the advantages of an all-controlling CPAN site?

Abigail

Tell me, what would be the advantages of an all-controlling CPAN site?

A quality-control mechanism of some kind. Whether this is through authorized people reviewing the source code of modules or through some sort of module or author voting/ranking system. I'm aware CPAN isn't currently doing this, and it would involve a very large amount of work, but I believe it would prove advantageous.

Think of the current situation, do you conduct testing and thorough code reviews of every CPAN module you use? I do because I'm required to (and trust me, it sucks). This is a rather major problem facing large businesses wanting to use Perl. If you're wondering, oddly enough, my company's policy does not require I do this for core modules.