CPAN, the Comprehensive Perl Archive Network, is a network of Perl software archives around the world. Perl version 5.6.x includes modules (CPAN and CPAN::FirstTime, among others) that allow it to fetch, verify the checksums of and even use gcc to compile Perl modules from CPAN sites on the Internet. In-depth descriptions of CPAN and Perl's CPAN functionality are beyond this article's scope, but I have one hint and one warning to offer.
First the hint. To install the module Example::Module (not a real Perl module), you enter the command:
perl -MCPAN -e 'install Example::Module"
If it's the first time you've used the -MCPAN flag, the module CPAN::FirstTime will be triggered, and you'll be asked to choose from various options as to how Perl should fetch and install modules from CPAN. These are well-phrased questions with reasonable defaults. But do pay attention to the output while this command executes: the module you're installing may depend on other modules and may require you to go back and execute, for example, enter
perl -MCPAN -e 'install Example::PreRequisite"
before making a second attempt at installing the first module.
And now for the warning: using CPAN is neither more nor less secure than downloading and installing any other software from any other internet source. In my opinion the CPAN utilities seem to be reasonably secure; before being installed, each downloaded module is automatically checked against a checksum that incorporates a cryptographically strong MD5 hash.
However, even assuming a given package's checksum probably won't be replaced along with a tampered-with module (a big assumption), all this protects against is the unauthorized alteration of software after it's been uploaded to CPAN by its author. There's nothing to stop an evil registered CPAN developer (anybody may register as one) from uploading hostile code along with a valid checksum. Note there's nothing to stop that evil developer from posting bad stuff to SourceForge or Freshmeat, either.
Thus, and I hope I'm not belaboring this point, if you really want to be paranoid, the most secure way to install a given Perl module is to:
tar -xzvf groovyperlmod.tar.gz
perl ./Makefile.PL make make test make install
Note that if the modules you need are brought to your attention by swatch's Makefile.PL script, then to use the paranoid installation method you'll want to write down the needed module names and kill that script (via plain old Ctrl-C) before installing the modules and rerunning swatch's Makefile.PL.
There's actually a third way to install missing Perl modules: from your Linux distribution's FTP site or CD-ROM. While none approach CPAN's selection, most Linux distributions have packaged versions of the most popular Perl modules. See the table below for the modules you need for swatch and the packages that contain them in Red Hat 7 and Debian 2.2.
None of this may seem terribly specific to swatch, and indeed it isn't, but it is important—more and more useful utilities are being released either as Perl modules or as Perl scripts that depend on Perl modules, so the chances are that swatch will not be the last Makefile.PL-based utility you install. Understanding some ramifications of all this module madness is worth the liter of ink I just spent on it, trust me.