unlink pre-PGP-signed CHECKSUM

Message-ID: <20030729015834.GA7149@not.autrijus.org>

p4raw-id: //depot/perl@20295

diff --git a/lib/CPAN.pm b/lib/CPAN.pm
index 81b335b..fb65e61 100644 (file)
--- a/lib/CPAN.pm
+++ b/lib/CPAN.pm
@@ -3666,6 +3666,14 @@ sub dir_listing {
     my $lc_want =
        File::Spec->catfile($CPAN::Config->{keep_source_where},
                            "authors", "id", @$chksumfile);
+
+    my $fh = FileHandle->new;
+    if (open($fh, $lc_want)){
+       # purge and refetch old (pre-PGP) CHECKSUMS; they are a security hazard
+       my $line = <$fh>; close $fh;
+       unlink($lc_want) unless $line =~ /PGP/;
+    }
+
     local($") = "/";
     # connect "force" argument with "index_expire".
     my $force = 0;