Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re: A Fit on NIH

by mirod (Canon)
on Jan 10, 2001 at 14:45 UTC ( [id://50903]=note: print w/replies, xml ) Need Help??


in reply to A Fit on NIH

OK, so I'll go and take the flak...

I don't think the problem is necessarily with security, I think it is with the total absence of quality control or at least ranking on CPAN.

I use quite a few modules from CPAN, and I am usually pretty satisfied with them... as long as I stick to "reputable" modules. On the other hand a cursory analysis of a somehow random sample of CPAN modules shows, as Dominus puts it so nicely "a lot of crap"!

Now how do I determine that a module is "reputable"? Well I've heard CGI.pm was used by a bunch of people ;--) so it is reputable, then everybody keeps yelling "use LWP!" and "use File::Find" so I guess they are OK too, and MJD's ego is too big to release a piece of crap with his name on, so Text::Template qualifies and if not, Template::Toolkit won a prize so it should be OK. Oh, and there's books about DBI and TK, so maybe I'll add them. Add a couple more and you have the list of those modules I use (or would use) with a reasonable degree of confidence.

On the other hand when I look at the number of XML modules on CPAN and the general level of quality and support you get for them I am a little scared. It goes from a widely used module changing interface and no longer backward compatible without changing major version, to the maintainer of another widely used module disappearing from the surface of this Earth (and thus his module not being able to cope with the aforementioned loss of compatibility), to "things" that are not (and apparently will never be) a complete module stored on CPAN, to (my personal favorite) maintainers unable to support a module because they "will do an internship at Microsoft so (they) won't have access to a computer this summer"... and all of those modules are presented the same way to unsuspecting users.

Now you tell me, how is joe user supposed to know which module he can safely use and which one will result in terrible pain and suffering debugging a module's code? For an unknown module, written by an unknown author, I'd say only thorough testing can help, and I see no shame in weighting this against rewriting the module (or at least the parts of the module that cover the required functionalities).

So yes CPAN is great, there's some great modules and an unbelievable amount of work in there. But there's also a good deal of crap and no easy way to figure out which is what.

That's it for my fit against CIH (CPAN Is Holy) ;--)

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://50903]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others about the Monastery: (4)
As of 2024-04-24 12:21 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found