NeilB

The PAUSE permissions model is case-sensitive, which means that Foobar is treated as a different module from foobar. This all works fine unless your filesystem is case-insensitive, like on MacOSX, for example. In this article I expand on what the above means, and give some examples of problems that already exist on CPAN.

If you upload a new module to CPAN, via PAUSE, you are granted ownership over the module's name by PAUSE, and anyone else who subsequently tries to upload a module of the same name will fail (see the PAUSE Permissions link above for an explanation of exactly what 'fail' means here). You can see who has permissions for every module name on CPAN in modules/06perms.txt (warning: file is 8.5M).

The permissions model is case-sensitive, which means that Foo::Bar is treated as a different module from foo::bar, and Foo::bar. This is all fine if your filesystem is case-sensitive. But MacOSX's filesystem isn't, so this can cause problems. File::stat is a core module. I wasn't aware of File::stat's existence, and installed File::Stat (different case of 'S' on 'Stat'). In this case I got lucky: File::stat wasn't overwritten because it's a core module and File::Stat was installed in site_perl, where it got picked up first. I only discovered this because I'm using CPAN::Reporter, and various modules I tried to install reported fails to CPAN Testers, because the wrong module was being run. Fortunately for me, all I had to do was delete File::Stat from site_perl.

But this isn't the only example. I wrote a script to look for other cases, and here are some of the ones it found:

• underscore and Underscore.
• sane and Sane.
• CONFIG::Hash and Config::Hash.

There are also a lot of examples where at least one of the classes is provided by a differently named module.

• any and Any (provided by LLg).
• super (in Class::ClassDecorator) and SUPER.

These are still allocated permissions by PAUSE, so you can't define a class within another of your modules if your inner class has the same name as something already on CPAN. When you try and upload it to PAUSE, it will fail at the indexing stage. So, for SUPER and super, looking at 06perms.txt:

    SUPER,CHROMATIC,f
    SUPER,P5P,m
    super,DROLSKY,f

I also found plenty of examples where someone has changed the capitalisation of a class name between releases; for example:

    GeoHash in dist Y/YA/YAPPO/GeoHash-0.01.tar.gz
    Geohash in dist Y/YA/YAPPO/Geohash-0.04.tar.gz

This is a real problem: I broke a number of modules and only discovered it when two CPAN authors emailed me about CPAN testers reports. As a percentage of CPAN, there aren't all that many broken cases of the first type, but there are more of the second type above. And the number of CPAN dists is only increasing, so this could happen more and more.

I think PAUSE should be made case-insensitive for module permissions, and the currently 'broken' cases should be resolved (which would be a pain, I know). Another approach would be to continue letting this happen, but notify authors when they upload modules which will cause problems on MacOSX. Perhaps search.cpan.org might flag them in the same way it flags 'unauthorised releases'?

Update:

I've forked PAUSE, and am going to have a go at making this change.