don't run perl -c #2
Comments
This is a vulnerability common to the base Flymake. For clarity I've added a warning to the README about the issue, but the intent of this library is to provide additive behaviour over basic Flymake, rather than removing existing behaviour. I do accept that it's a concern though; I think I'll look at providing a configuration option to control the running of "perl -c". I can default that to being disabled and place a note in the docs saying that if you need/want the base behaviour of Flymake you can enable it. Sorry for the slow response, I haven't had time to keep up with my open source projects this month, and thanks for the comments.
I'm sorry, I wasn't aware that the built-in flymake already does that. I will have to redirect my complaint there then. In the meantime, I think it would be a good idea to provide an option (possibly default) to only run perlcritic.
Now that #4 has been merged, it looks like this issue can be closed. Since this plugin uses the new Flymake backend feature,
Running perl -c on unknown files is dangerous because it executes BEGIN blocks, which could contain arbitrary code.
This module is currently a security risk.
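The behaviour described in this issue, as an added example that is not part of the original thread or the project's code: a shell function runs `perl -c` on a constructed sample script and reports which parts of it executed. The function name, file names and marker files are assumptions made for the demonstration; the sample's only side effect is creating empty files in a private temporary directory.

```shell
#!/bin/sh
# Added demonstration (constructed sample, not the project's code):
# `perl -c` is a "syntax check", yet compile-time BEGIN blocks still execute.

# begin_block_ran: prints "begin=<yes|no> main=<yes|no>" describing which
# parts of the sample script ran during `perl -c`. Returns perl's exit status.
begin_block_ran() {
    workdir=$(mktemp -d) || return 2

    # Constructed sample: the BEGIN block and the main body each create their
    # own empty marker file, so we can tell afterwards which one executed.
    cat > "$workdir/sample.pl" <<EOF
BEGIN { open(my \$fh, '>', '$workdir/begin-ran') or die; close \$fh; }
open(my \$fh, '>', '$workdir/main-ran') or die; close \$fh;
EOF

    # The same invocation a syntax-checking editor backend would use.
    status=0
    perl -c "$workdir/sample.pl" >/dev/null 2>&1 || status=$?

    begin=no
    main=no
    [ -e "$workdir/begin-ran" ] && begin=yes
    [ -e "$workdir/main-ran" ] && main=yes

    rm -rf "$workdir"
    echo "begin=$begin main=$main"
    return "$status"
}

# Stand-alone run: report the result for the sample above.
begin_block_ran
```

The main body never runs under `-c`, but the BEGIN block does, which is why opening an untrusted Perl file in an editor that syntax-checks it automatically amounts to executing part of that file.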