Yesterday I Tried CPANHQ's OpenID Authentication and today I got this in the mail from the Mandriva security :

Security Warning: World Writable files found :

• /home/shlomi/tmp/cpanhq/session/data/3
• /home/shlomi/tmp/cpanhq/session/data/3/d
• /home/shlomi/tmp/cpanhq/session/data/3/d/4
• /home/shlomi/tmp/cpanhq/session/data/8
• /home/shlomi/tmp/cpanhq/session/data/8/1
• /home/shlomi/tmp/cpanhq/session/data/8/1/7

So these directories are world-writable. It should not be this way, and may pose a security risk.

Regards,

-- Shlomi Fish

After a user has logged in, they should be presented with a dashboard. Ideally this would be customisable. Some possible elements:

• Saved searches
• Favourite dists/authors
• Watched dists/authors

If you're a CPAN author we could extend that to include a special CPAN author section with:

• RT bugs
• test reports
• ratings
• an upload to pause button

The point would be to make this a section the user would want to check frequently as the information is quite dynamic.

I think a wiki page for every perl dist should be available and linked wherever there is a detail or semi-detail view of a CPAN dist.

diff --git a/Makefile.PL b/Makefile.PL
index 8408fd6..957990b 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -22,12 +22,17 @@ requires 'Config::General';
requires 'CPAN::Mini';
requires 'DBIx::Class';
requires 'DBIx::Class::TimeStamp';
+requires 'File::Next';
+requires 'File::Slurp';
requires 'File::Spec';
requires 'File::Temp';
requires 'Graph::Easy';
requires 'List::Util';
requires 'parent';
+requires 'Parse::CPAN::Packages';
+requires 'Parse::CPAN::Whois';
requires 'Rose::HTML::Form';
+requires 'Software::License';
requires 'YAML::XS';
test_requires 'Test::WWW::Mechanize::Catalyst';

Currently sub auto { ... } in lib/CPANHQ/Controller/Root.pm reads:

sub auto : Private {
   my( $self, $c ) = @_;
   my $rss = XML::RSS->new;
   $rss->parse( get( 'http://twitter.com/statuses/user_timeline/36758099.rss' ) );
   $c->stash( tweets => $rss );
    return 1;
}

As can be seen, the RSS file is fetched every time a page is loaded, and $rss->parse() will fail with a warning or error if get() failed, because the return value of get() is not checked. The latter is happening now due to twitter.com being down.

Regards,

-- Shlomi Fish

The common convention in web-sites is for the top-left icon to link to the front page. See github's logo for instance. According to our chat on IRC, we agreed that CPANHQ should do it too.

I tried doing:

<div id=header>

CPANHQ

But firefox wouldn't link the background image which happens to be a background specified in the CSS stylesheet - not an <img src=" element.

I think CPANHQ could really benefit from a simple, binary rating system akin to "i use this" -- perhaps "i like this", or a star/heart icon.

CPANRatings has some problems: a 1-5 rating system can be subjective, and the textual ratings lend themselves to controversy and even bug reports masked as ratings.

The "i like this" rating could also be used to enhance the search results.

We need to display the POD of the .pm/.pod files (after converting them to (X)HTML of course). Maybe see how kobesearch is doing it:

http://sourceforge.net/projects/cpan-search/