Chapter 4. Distributing Your Tests (and Code)

Distribution Signatures

Cryptographically signing a distribution is more of an integrity check than a security measure. As the documentation for Test::Signature explains, by the time the make test portion of the installation checks the signature of a module, you’ve already executed a Makefile.PL or Build.PL, giving potentially malicious code the chance to run. Still, a signed distribution assures you that every file in the distribution is exactly what the author originally uploaded.

Signing a module distribution creates a file called SIGNATURE in the top-level directory that contains checksums for every file in the distribution. The author then signs the SIGNATURE file with a PGP or equivalent key. If you sign your distribution, you should include a signature validity check as part of the test suite.
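As an added illustration (not the book's code, and not Module::Signature itself), the following Python sketch builds and checks a SIGNATURE-style manifest: one digest line per file, with the author's PGP signature over the manifest stood in for by an HMAC under an assumed key so that it runs offline. The demo() function signs a constructed two-file distribution, verifies it, then edits a file after signing to show the check failing exactly as a post-upload modification would.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

SIGNATURE = "SIGNATURE"
SEP = "-----BEGIN SIGNATURE-----\n"  # stands in for the PGP clearsign envelope (assumption)

def file_digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def manifest_lines(root):
    """One 'SHA256 <hex> <path>' line per file, sorted; SIGNATURE itself is excluded."""
    rels = {p.relative_to(root).as_posix(): p for p in Path(root).rglob("*") if p.is_file()}
    return sorted(f"SHA256 {file_digest(p)} {rel}" for rel, p in rels.items() if rel != SIGNATURE)

def sign_distribution(root, key):
    """Write SIGNATURE: the manifest plus an HMAC over it (stand-in for the PGP signature)."""
    body = "\n".join(manifest_lines(root)) + "\n"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    (Path(root) / SIGNATURE).write_text(body + SEP + tag + "\n")

def parse(lines):  # 'ALGO hex path' lines -> {path: hex}
    return {l.split(" ", 2)[2]: l.split(" ", 2)[1] for l in lines}

def verify_distribution(root, key):
    """Return (ok, problems); a bad signature or any changed, missing or unlisted file fails."""
    body, _, tag = (Path(root) / SIGNATURE).read_text().partition(SEP)
    expect = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, tag.strip()):
        return False, ["signature does not match manifest"]
    signed, actual = parse(body.splitlines()), parse(manifest_lines(root))
    problems = [f"changed: {p}" for p in signed if p in actual and actual[p] != signed[p]]
    problems += [f"missing: {p}" for p in signed if p not in actual]
    problems += [f"unlisted: {p}" for p in actual if p not in signed]
    return not problems, problems

def demo():
    """Constructed distribution with an assumed key: sign, verify, edit a file, verify again."""
    key, root = b"assumed-demo-key", Path(tempfile.mkdtemp())
    (root / "lib").mkdir()
    (root / "Makefile.PL").write_text("use ExtUtils::MakeMaker;\n")
    (root / "lib" / "Foo.pm").write_text("package Foo;\n1;\n")
    sign_distribution(root, key)
    clean = verify_distribution(root, key)
    (root / "lib" / "Foo.pm").write_text("package Foo;\n1;\n# edited after signing\n")
    return clean, verify_distribution(root, key)
```

Note that, just as the text warns, nothing here stops Makefile.PL from running before the manifest is checked; the check only tells you afterwards whether the files match what was signed.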
