From: Audrey Tang <cpan@audreyt.org>
Date: Tue, 29 Jul 2003 09:58:35 +0000 (+0800)
Subject: unlink pre-PGP-signed CHECKSUM
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=7a34a24b301fbc19c9ae40dd163e0135ac9cb09e;p=p5sagit%2Fp5-mst-13.2.git

unlink pre-PGP-signed CHECKSUM
Message-ID: <20030729015834.GA7149@not.autrijus.org>

p4raw-id: //depot/perl@20295
---

diff --git a/lib/CPAN.pm b/lib/CPAN.pm
index 81b335b..fb65e61 100644
--- a/lib/CPAN.pm
+++ b/lib/CPAN.pm
@@ -3666,6 +3666,14 @@ sub dir_listing {
     my $lc_want =
 	File::Spec->catfile($CPAN::Config->{keep_source_where},
 			    "authors", "id", @$chksumfile);
+
+    my $fh = FileHandle->new;
+    if (open($fh, $lc_want)){
+	# purge and refetch old (pre-PGP) CHECKSUMS; they are a security hazard
+	my $line = <$fh>; close $fh;
+	unlink($lc_want) unless $line =~ /PGP/;
+    }
+
     local($") = "/";
     # connect "force" argument with "index_expire".
     my $force = 0;