https://bugzilla.redhat.com/show_bug.cgi?id=1878468

Bug ID: 1878468
Summary: RPM spec has unnecessary dependencies
Product: Fedora
Version: 31
Status: NEW
Component: perl-Net-DNS
Assignee: pwouters@xxxxxxxxxx
Reporter: rwfranks@xxxxxxx
QA Contact: extras-qa@xxxxxxxxxxxxxxxxx
CC: caillon+fedoraproject@xxxxxxxxx, john.j5live@xxxxxxxxx, kasal@xxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, pwouters@xxxxxxxxxx, rhughes@xxxxxxxxxx, rstrode@xxxxxxxxxx, sandmann@xxxxxxxxxx
Target Milestone: ---
Classification: Fedora

Description of problem:

Upstream metadata lists far fewer dependencies than listed in the RPM spec, which appears to be an inaccurate list of packages cited in require and use declarations in the code.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Potential to cause automatic installation of perl-Net-DNS-SEC without deliberate user involvement. This may have unpleasant legal consequences in some countries.

Expected results:

The documented Net::DNS API can be delivered by reducing this section of the RPM spec to something like:

# Build
BuildRequires: coreutils
BuildRequires: findutils
BuildRequires: glibc-common
BuildRequires: make
BuildRequires: sed
BuildRequires: perl-generators
BuildRequires: perl-interpreter
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(Getopt::Long)
BuildRequires: perl(IO::Socket::IP)
# Runtime
BuildRequires: perl(Carp)
BuildRequires: perl(Digest::HMAC)
BuildRequires: perl(Digest::MD5)
BuildRequires: perl(Digest::SHA)
BuildRequires: perl(Encode)
BuildRequires: perl(Exporter)
BuildRequires: perl(File::Spec)
BuildRequires: perl(IO::File)
BuildRequires: perl(IO::Select)
BuildRequires: perl(IO::Socket::IP) >= 0.38
BuildRequires: perl(IO::Socket)
BuildRequires: perl(MIME::Base64)
BuildRequires: perl(PerlIO)
BuildRequires: perl(Scalar::Util)
BuildRequires: perl(Time::Local)
# Net::LibIDN2 is optional
# Digest::BubbleBabble is optional
%if ! (0%{?rhel} >= 7)
BuildRequires: perl(Digest::BubbleBabble)
%endif
# Tests only
BuildRequires: perl(File::Find)
BuildRequires: perl(Test::Builder)
BuildRequires: perl(Test::More)
# Optional tests:
Requires: perl(Test::Pod)

Additional info:

With the specific exception of IO::Socket::IP (which has recent bug history), package versions can be ignored.

Net::DNS::SEC and its internal components MUST NOT be listed as dependencies. Net::DNS::SEC is delivered separately because cryptographic software is prohibited or severely restricted in many territories. Net::DNS::SEC must be installed explicitly by the end-user who bears responsibility for any legal consequences of so doing.

Other packages referred to in the code fall into 5 categories:

1) Perl CORE packages assumed always to be present:
        base, constant, integer, overload, strict, warnings, Config

2) Fallback for missing prerequisites (accepting reduced functionality):
        IO::Socket::INET, Net::LibIDN

3) Support for obsolete algorithm not yet formally deprecated:
        Digest::GOST, Digest::GOST::CryptoPro

4) Irrelevant platform specific packages:
        Win32::API, Win32::IPHelper, Win32::TieRegistry

5) Support for developer inbuilt test functions (not in documented API):
        Data::Dumper
        Net::DNS::Extlang
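
The dependency policy in the report above can be checked mechanically before a spec is committed. The following is an added example, not part of the bug report or of the Fedora package: a small Python audit that flags any perl(Net::DNS::SEC...) dependency tag and any module from the report's five categories, which the report's proposed list leaves out. The function name, the sample spec lines and the decision to include the weak-dependency tags Recommends and Suggests are assumptions made for illustration.

```python
import re

# The five categories named in the report, keyed by a short reason.
CATEGORIES = {
    "Perl core, assumed present": {"base", "constant", "integer", "overload",
                                   "strict", "warnings", "Config"},
    "fallback for missing prerequisite": {"IO::Socket::INET", "Net::LibIDN"},
    "obsolete algorithm support": {"Digest::GOST", "Digest::GOST::CryptoPro"},
    "platform specific": {"Win32::API", "Win32::IPHelper", "Win32::TieRegistry"},
    "developer test functions": {"Data::Dumper", "Net::DNS::Extlang"},
}
# Matches active dependency tags only; commented-out lines and %if/%endif are skipped.
DEP = re.compile(r"^\s*(BuildRequires|Requires|Recommends|Suggests):\s*perl\(([\w:]+)\)")

def audit_spec(text):
    """Return (forbidden, categorised) findings for a spec file's text."""
    forbidden, categorised = [], []
    for no, line in enumerate(text.splitlines(), 1):
        m = DEP.match(line)
        if not m:
            continue
        tag, mod = m.groups()
        # Net::DNS::SEC and its internal components must never be pulled in.
        if mod == "Net::DNS::SEC" or mod.startswith("Net::DNS::SEC::"):
            forbidden.append((no, tag, mod))
            continue
        for reason, mods in CATEGORIES.items():
            if mod in mods:
                categorised.append((no, tag, mod, reason))
    return forbidden, categorised

# Constructed sample input, not the real perl-Net-DNS spec.
SAMPLE_SPEC = """\
BuildRequires:  perl(IO::Socket::IP) >= 0.38
BuildRequires:  perl(Net::DNS::SEC)
Requires:       perl(Net::DNS::SEC::RSA)
BuildRequires:  perl(Win32::API)
# BuildRequires: perl(Digest::GOST)
%if ! (0%{?rhel} >= 7)
BuildRequires:  perl(Digest::BubbleBabble)
%endif
BuildRequires:  perl(Data::Dumper)
"""

if __name__ == "__main__":
    bad, extra = audit_spec(SAMPLE_SPEC)
    for no, tag, mod in bad:
        print(f"line {no}: {tag} perl({mod}) must not be a dependency")
    for no, tag, mod, reason in extra:
        print(f"line {no}: {tag} perl({mod}) is in a listed category ({reason})")
```

A non-empty first list is the condition to fail a packaging check on, since that is the case the report says can install perl-Net-DNS-SEC without deliberate user involvement.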