Paul Wise:
> I suggest the Perl team:
>
> Audit new/updated Perl code for known-unsafe behaviour, like using
> `use lib`, qx/``, system/popen without lists, open with pipes etc.
> Talk to Perl upstream about deprecating all these things.
>
> Run perlcritic (and maybe other linters) over new/updated Perl code
> introduced to Debian.
>
> https://anonscm.debian.org/cgit/collab-maint/check-all-the-things.git/tree/data/perl
>
> Please note that you *must* run perlcritic with --noprofile (or from a
> trusted directory) otherwise you will be subject to arbitrary code
> execution via potentially untrusted code from the current directory.

Hi Paul,

there was some discussion about this topic yesterday at the Perl sprint
in Lloret de Mar. No actions decided yet, just drafted a potential roadmap:

https://gobby.debian.org/export/Teams/Perl/Team-Sprint-Lloret-2017

Thanks!
Alex
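As an added example, not part of this mail or of any Debian Perl team material: the unsafe idioms Paul lists (two-argument open, string-form system, backticks, relative `use lib`) placed beside the forms a reviewer would ask for instead. The file name, the library path and the sub names are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the original mail): unsafe Perl idioms beside their
# safer replacements. All paths and names below are constructed.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# --- use lib / @INC: a relative entry is resolved against the current working
# directory at run time, so whoever controls that directory controls which
# modules get loaded. Use an absolute, admin-owned path (constructed here).
use lib '/usr/share/myapp/lib';
# not: use lib 'lib';

my $dir  = tempdir(CLEANUP => 1);
# A name that is awkward for a shell: a leading dash and an embedded space.
my $name = '-report 2017.txt';
my $path = File::Spec->catfile($dir, $name);

# --- open: the two-argument form parses the string for mode characters
# ('<', '>', '|') and trims whitespace, so a file name chosen by someone
# else can change what the call does. Shown for comparison; not called.
sub write_two_arg_open {
    open(my $fh, ">$path") or die "open: $!";
    print $fh "hello\n";
    close $fh;
}

# The three-argument form takes the mode separately; $path is only ever a
# file name, whatever characters it contains.
sub write_three_arg_open {
    open(my $fh, '>', $path) or die "open: $!";
    print $fh "hello\n";
    close $fh;
}
write_three_arg_open();

# --- system: one string is handed to /bin/sh, which splits on whitespace and
# interprets metacharacters; with our $name the command would be mangled.
# system("ls -l $path");   # not this
# The list form passes each element as its own argv entry and spawns no
# shell; '--' stops ls from reading the leading dash as an option.
my $rc = system('ls', '-l', '--', $path);
die "ls failed: $?" if $rc != 0;

# --- capturing output: qx// and backticks also go through the shell.
# A list-form pipe open gives the same result without one.
open(my $out, '-|', 'wc', '-c', '--', $path) or die "pipe open: $!";
my $count = <$out>;
close $out;
print "byte count: $count";
```

Running `perlcritic --noprofile` over this file, as Paul recommends, is also a quick way to see what the default policies catch; the two-argument open in `write_two_arg_open` is the kind of construct they are meant to flag.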