Following discussion on the QA list about tainting, and given that one of the goals of PPI is to be able to do code-related tasks "safely" without risking the involvement of the perl interpreter, it seems logical that PPI should also work correctly under tainting.
Since I am admittedly not familiar with tainting except at a conceptual level (i.e. I know what it does and how it works, but I don't use it), what are the implications for a large codebase like PPI?
What, specifically, do I need to do to PPI to be taint-safe and to prove that I'm taint-safe? Is it simply a case of putting -T into every test script, and making sure that they all pass with -T?
What do I have to care about?
Further, if there is stuff to do to make it taint-safe, would anyone like to help? :)
Commit bits available as needed if so.
The last time I wrote taint-safe code, Test::Taint was my friend.
The main problem I had retrofitting existing code to be taint-safe (not that I've had a lot of experience with it) was dealing with the disparity between the assumptions I was making and the assumptions the tainting infrastructure was making. It uncovered a few bugs, though.
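The approach raised in this thread (test scripts run under -T, checked with Test::Taint), as an added example that is not part of the original posts and is not PPI's own code. `validate_module_name` is a hypothetical helper and the input strings are constructed; the point is that -T alone never taints literals inside a test, so the test has to taint its data explicitly before the checks mean anything.

```perl
#!perl -T
# Added example: a taint-aware test script. Not taken from PPI.
use strict;
use warnings;
use Test::More tests => 6;
use Test::Taint;

# Fails if the script was started without -T, so a harness that
# drops the switch cannot produce a false pass.
taint_checking_ok('taint mode is on');

# Constructed sample input. String literals are never tainted, so
# mark it explicitly, the way data from a file or STDIN would arrive.
my $name = 'PPI::Document';
taint($name);
tainted_ok($name, 'input starts out tainted');

# Hypothetical helper: the only untainting path is an anchored
# regex capture that accepts a strict module-name grammar.
sub validate_module_name {
    my ($in) = @_;
    return $in =~ /\A([A-Za-z_]\w*(?:::\w+)*)\z/ ? $1 : undef;
}

my $clean = validate_module_name($name);
untainted_ok($clean, 'validated capture is untainted');
is($clean, 'PPI::Document', 'validation does not change the value');

# Anything derived from tainted data stays tainted, which is where
# code that "just builds a path" trips over taint mode.
my $derived = "lib/$name.pm";
tainted_ok($derived, 'string built from tainted data is still tainted');

# Input outside the grammar is rejected rather than laundered.
my $bad = 'not a module name';    # constructed
taint($bad);
my $rejected = validate_module_name($bad);
is($rejected, undef, 'non-matching input is rejected');
```

Run it through `prove` or as `perl -T script.t`; depending on the perl version, a -T that appears only on the `#!` line may be refused as too late when the file is started with plain `perl script.t`.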