PAUSE permissions should be case-insensitive

The PAUSE permissions model is case-sensitive, which means that Foobar is treated as a different module from foobar. This all works fine unless your filesystem is case-insensitive, like on MacOSX, for example. In this article I expand on what the above means, and give some examples of problems that already exist on CPAN.

My first thought is that PAUSE should be case-insenstive for its permissions model, but maybe there's another solution?

If you upload a new module to CPAN, via PAUSE, you are granted ownership over the module's name by PAUSE, and anyone else who subsequently tries to upload a module of the same name will fail (see the PAUSE Permissions link above for an explanation of exactly what 'fail' means here). You can see who has permissions for every module name on CPAN in modules/06perms.txt (warning: file is 8.5M).

The permissions model is case-sensitive, which means that Foo::Bar is treated as a different module from foo::bar, and Foo::bar. This is all fine if your filesystem is case-sensitive. But MacOSX's filesystem isn't, so this can cause problems. File::stat is a core module. I wasn't aware of File::stat's existence, and installed File::Stat (different case of 'S' on 'Stat'). In this case I got lucky: File::stat wasn't overwritten because it's a core module and File::Stat was installed in site_perl, where it got picked up first. I only discovered this because I'm using CPAN::Reporter, and various modules I tried to install reported fails to CPAN Testers, because the wrong module was being run. Fortunately for me, all I had to do was delete File::Stat from site_perl.

But this isn't the only example. I wrote a script to look for other cases, and here are some of the ones it found:

There are also a lot of examples where at least one of the classes is provided by a differently named module.

These are still allocated permissions by PAUSE, so you can't define a class within another of your modules if your inner class has the same name as something already on CPAN. When you try and upload it to PAUSE, it will fail at the indexing stage. So, for SUPER and super, looking at 06perms.txt:


I also found plenty of examples where someone has changed the capitalisation of a class name between releases; for example:

    GeoHash in dist Y/YA/YAPPO/GeoHash-0.01.tar.gz
    Geohash in dist Y/YA/YAPPO/Geohash-0.04.tar.gz

This is a real problem: I broke a number of modules and only discovered it when two CPAN authors emailed me about CPAN testers reports. As a percentage of CPAN, there aren't all that many broken cases of the first type, but there are more of the second type above. And the number of CPAN dists is only increasing, so this could happen more and more.

I think PAUSE should be made case-insensitive for module permissions, and the currently 'broken' cases should be resolved (which would be a pain, I know). Another approach would be to continue letting this happen, but notify authors when they upload modules which will cause problems on MacOSX. Perhaps might flag them in the same way it flags 'unauthorised releases'?


I've forked PAUSE, and am going to have a go at making this change.


See also Dancer vs dancer (both provided by the same dist) and CGI vs cgi (different dists). It can indeed be very confusing.

PAUSE patches are welcome. Here is the Git repo:

Is there a full list of all the current conflicts? That needs to be waded through to figure out who "wins", and contact all the losing authors to tell them that their indexing is being removed and that they need to rename their dists.

However, this is going to have an immediate downstream effect on any users of those modules.

Also, should module names be treated case-insensitively inside Perl itself? If I 'require super;' should I get 'SUPER' instead? That's surely not what I want at all. But on MacOSX, if I look for, I'm going to find, and kaboom!

I filed this as an issue against the PAUSE repository --

This is (of-course) also a problem on Windows.

Leave a comment

About Neil Bowers

user-pic Perl hacker since 1992.