Thor, please elaborate on why "chances are" there's no need for access control in a system that big. Perhaps you interpreted the word "enforcing" in an absolute sense? This is open source: all access control is advisory.

Exposing a member variable in a public API has the disadvantage of freezing an implementation detail. Standard OO theory says that's probably not a good idea in either large or small systems. The distinction between large and small is in the internal API -- it's more important that components in a large system do not violate encapsulation of other components.

Say you have only two small hash-based classes in your distro and one accesses a hash member in the other directly. When you refactor and change the name of that variable, you can just check the other file and be sure that there aren't any ill consequences. In a large system, that's not feasible because it's prohibitively time-consuming and difficult to inspect all the code in the project every time you change an implementation detail. However, with the ACL policy I have in place, I can change how any hash member or leading-underscore sub behaves and feel confident that I only have to check the file I'm currently editing.

My point is that if you use anything but the publicly defined interface, you take your life into your own hands. Make the interface to each class clean and you don't have to worry about breaking people that don't use it. I don't feel bad if I break the code of someone who relied on a non-public interface to one of my classes. Some people don't understand that you don't need things like protected or private.

As an aside, the openness or closedness of the source has little to do with this conversation. There are plenty of open source Java programs that must implement the class control mechanisms mentioned above because that's the way that that language works. In its current incarnation, Perl has no such notions.

thor

The only easy day was yesterday

My point is that if you use anything but the publicly defined interface, you take your life into your own hands. Make the interface to each class clean and you don't have to worry about breaking people that don't use it. I don't feel bad if I break the code of someone who relied on a non-public interface to one of my classes. Some people don't understand that you don't need things like protected or private.

Well, that depends on your definition of need.

While the _private_method naming convention is a nice signal to the reader that this particular subroutine is not part of the public API, it doesn't help with encapsulation. See Re^2: characterstics of private in perl and Re^4: Encapsulation through stringification - a variation on flyweight objects for some examples of where this sort of encapsulation problem can cause problems for people who are not deliberately poking at things they shouldn't be.

Sure they can go poke at the source and figure out the problem. But wouldn't it be nicer if the language stopped it happening in the first place?

(and of course this need not stop people being able to poke into the innards if they want to - just provide a separate syntax.)