Ability to flag indeterminate modules #100

Open
robrwo opened this issue Nov 5, 2022 · 1 comment
Labels
embedded A problem with a library embedded in a distro Status: needs help needs outside expertise or capacity Type: enhancement improve a feature that already exists

Comments

@robrwo (Collaborator) commented Nov 5, 2022

Some modules (including Alien modules) will install the latest version of an external dependency. So it's possible that they may have security issues.

It would be useful to flag the dependency on external libraries, but with unknown versions. These would normally be ignored by the CPAN Audit scanning tool but a flag may be useful to indicate manual action is needed to check.

See #99 (comment)

@robrwo robrwo added Type: enhancement improve a feature that already exists embedded A problem with a library embedded in a distro labels Nov 5, 2022
@briandfoy briandfoy added the Status: needs help needs outside expertise or capacity label Nov 7, 2022
@briandfoy (Owner) commented:

Noted. I don't have time to work on this though. The real trick is to figure out what version of the external tool is installed if we are going to warn about a problem. That's going to be something special to every particular library. That's getting a bit far afield of what CPAN::Audit aims to be.

Warning by guessing isn't a great solution either. People have been asking for less output, and if we say something like "there may be a problem", people will learn to always ignore those lines.

But, maybe someone can figure out a way to only warn when there's an actual problem.
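One way to surface the "indeterminate" case the issue asks about, as an added example that is not part of CPAN::Audit or of either commenter's proposal: Alien::Base subclasses expose `install_type` and `version`, so a helper can report modules whose external library version came back undefined and needs a manual check. The script, `classify_alien` and its output format are assumptions for illustration; the module names are supplied on the command line.

```perl
#!/usr/bin/env perl
# Hypothetical helper (not part of CPAN::Audit): list Alien::* modules whose
# external library version cannot be determined, so they can be audited by hand.
use strict;
use warnings;
use Module::Load qw(load);    # core module; loads a module by name at run time

# Assumption: module names are supplied by the caller, e.g. taken from a cpanfile.
# Returns a hashref describing how much is known about the module's external library.
sub classify_alien {
    my ($mod) = @_;

    my $loaded = eval { load($mod); 1 };
    return { module => $mod, status => 'not installed' } unless $loaded;

    # Only Alien::Base subclasses expose install_type/version; anything else is
    # outside the scope of this check.
    return { module => $mod, status => 'not an Alien::Base module' }
        unless $mod->isa('Alien::Base');

    my $install_type = $mod->install_type;    # 'system' (pre-existing lib) or 'share' (built by the Alien)
    my $version      = $mod->version;         # undef when the version could not be determined

    my $status = defined $version ? 'version known' : 'INDETERMINATE: check manually';
    return {
        module       => $mod,
        status       => $status,
        install_type => $install_type,
        version      => $version,
    };
}

die "usage: $0 Alien::Module ...\n" unless @ARGV;
for my $mod (@ARGV) {
    my $r = classify_alien($mod);
    printf "%-30s %-8s %-10s %s\n",
        $r->{module},
        $r->{install_type} // '-',
        $r->{version}      // '?',
        $r->{status};
}
```

A `system` install whose version prints as `?` is exactly the situation described in the issue: the library came from outside CPAN, so its version, and any advisories against it, have to be checked by hand.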
