The right way to install CPAN modules
There are several ways to install CPAN modules and about everyone advocates something else.
You can install the modules supplied by your vendor (e.g. using aptitude on Debian). If the module is not available from the vendor you can prepare a package (in the case of Debian using dh-make-perl) or you can install the modules using a CPAN client. In that case you can do it to the standard system directories or using local::lib.
You could also build your own perl with or without perlbrew and then you can install everything with a CPAN client.
Recently chromatic suggested we should all use perlbrew and install our own versions of perl. Alternatively he suggests that vendors should have a systemperl and a perl for users. Separately. The former can be minimal, the latter should be full featured.
The right way
Frankly, I think, there is no single solution that fits all situations. Some might even say TMTOWTDI.
It boils down to how much freedom you have and how much control you'd like to have over what gets installed.
For a long time I have been using CPAN.pm, after some manual configuration installing in a private directory. Then I switched to local::lib but it still has a major issue when you have multiple applications on the same server. Recently, I was experimenting with perlbrew and manual building of perl.
Each one has advantages and disadvantages.
It is interesting to live on the bleeding edge and install the latest version of every module directly from CPAN but in most cases this should not happen on a production server.
Actually I don't know in which case should you do this, but I am sure there are many people and organizations who do it that way.
If you want to reduce risk you need to go through the rigorous steps of configuration management.
- Put everything in version control (including the dependency tree).
- Check out to a clean system that only has stuff from the vendor and from the version control system.
- Build "binary" versions on the clean system.
- Install on a test machine that is identical to the deployment machine.
You can do the above with your home built perl.
You can do it on a system perl using the CPAN client.
You can create binary packages using dh-make-perl or the respective tools on your operating system.
In every case you have to make sure you are only using modules from the private CPAN server which holds modules only from your version control system.
In either of the above cases we assume you have the freedom to use things outside the realms of the paid vendor. (eg. RedHat). If you are restricted to what the vendor supplies then you have a serious problem. Especially with RedHat but even Debian "only" provides 10-15% of CPAN.