https://bugzilla.redhat.com/show_bug.cgi?id=1878468
Bug ID: 1878468
Summary: RPM spec has unnecessary dependencies
Product: Fedora
Version: 31
Status: NEW
Component: perl-Net-DNS
Assignee: pwouters(a)redhat.com
Reporter: rwfranks(a)acm.org
QA Contact: extras-qa(a)fedoraproject.org
CC: caillon+fedoraproject(a)gmail.com,
john.j5live(a)gmail.com, kasal(a)ucw.cz,
perl-devel(a)lists.fedoraproject.org,
pwouters(a)redhat.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Upstream metadata lists far fewer dependencies than are listed in the RPM spec,
which appears to be an inaccurate list of packages cited in require and use
declarations in the code.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Potential to cause automatic installation of perl-Net-DNS-SEC without
deliberate user involvement. This may have unpleasant legal consequences in
some countries.
Expected results:
The documented Net::DNS API can be delivered by reducing this section of
the RPM spec to something like:
# Build
BuildRequires: coreutils
BuildRequires: findutils
BuildRequires: glibc-common
BuildRequires: make
BuildRequires: sed
BuildRequires: perl-generators
BuildRequires: perl-interpreter
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(Getopt::Long)
BuildRequires: perl(IO::Socket::IP)
# Runtime
BuildRequires: perl(Carp)
BuildRequires: perl(Digest::HMAC)
BuildRequires: perl(Digest::MD5)
BuildRequires: perl(Digest::SHA)
BuildRequires: perl(Encode)
BuildRequires: perl(Exporter)
BuildRequires: perl(File::Spec)
BuildRequires: perl(IO::File)
BuildRequires: perl(IO::Select)
BuildRequires: perl(IO::Socket::IP) >= 0.38
BuildRequires: perl(IO::Socket)
BuildRequires: perl(MIME::Base64)
BuildRequires: perl(PerlIO)
BuildRequires: perl(Scalar::Util)
BuildRequires: perl(Time::Local)
# Net::LibIDN2 is optional
# Digest::BubbleBabble is optional
%if ! (0%{?rhel} >= 7)
BuildRequires: perl(Digest::BubbleBabble)
%endif
# Tests only
BuildRequires: perl(File::Find)
BuildRequires: perl(Test::Builder)
BuildRequires: perl(Test::More)
# Optional tests:
Requires: perl(Test::Pod)
Additional info:
With the specific exception of IO::Socket::IP (which has recent bug history),
package versions can be ignored.
Net::DNS::SEC and its internal components MUST NOT be listed as dependencies.
Net::DNS::SEC is delivered separately because cryptographic software is
prohibited or severely restricted in many territories.
Net::DNS::SEC must be installed explicitly by the end-user who bears
responsibility for any legal consequences of so doing.
Other packages referred to in the code fall into 5 categories:
1) Perl CORE packages assumed always to be present:
base, constant, integer, overload, strict, warnings, Config
2) Fallback for missing prerequisites (accepting reduced functionality):
IO::Socket::INET, Net::LibIDN
3) Support for obsolete algorithm not yet formally deprecated:
Digest::GOST, Digest::GOST::CryptoPro
4) Irrelevant platform specific packages:
Win32::API, Win32::IPHelper, Win32::TieRegistry
5) Support for developer inbuilt test functions (not in documented API):
Data::Dumper Net::DNS::Extlang
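A spec file can be checked mechanically against the rule above that Net::DNS::SEC and its components must not appear as dependencies. The following is an added example, not part of the original report or of the Fedora packaging; the function name lint_spec, the verdict labels and the sample spec text are assumptions made for illustration, and the module lists are copied from the report.

```python
import re

# Constructed sample spec fragment (not the real perl-Net-DNS spec).
SAMPLE_SPEC = """\
BuildRequires:  perl(Digest::SHA)
BuildRequires:  perl(IO::Socket::IP) >= 0.38
BuildRequires:  perl(Net::DNS::SEC)
Requires:       perl(Net::DNS::SEC::RSA)
Recommends:     perl(Net::DNS::SEC)
# Requires: perl(Net::DNS::SEC)
Requires:       perl(Win32::API)
Requires:       perl(Digest::GOST), perl(Net::DNS::Resolver)
"""

# Net::DNS::SEC itself or anything beneath it; Net::DNS::Resolver etc. do not match.
FORBIDDEN = re.compile(r"^Net::DNS::SEC(::|$)")
# The report's five categories; the short labels are this example's own.
UNNEEDED = {
    "core": {"base", "constant", "integer", "overload", "strict", "warnings", "Config"},
    "fallback": {"IO::Socket::INET", "Net::LibIDN"},
    "obsolete-algorithm": {"Digest::GOST", "Digest::GOST::CryptoPro"},
    "platform-specific": {"Win32::API", "Win32::IPHelper", "Win32::TieRegistry"},
    "developer-test": {"Data::Dumper", "Net::DNS::Extlang"},
}
# Weak tags are included because dnf installs Recommends by default.
DEP_TAG = re.compile(
    r"^\s*(BuildRequires|Requires|Recommends|Suggests)(?:\([^)]*\))?\s*:\s*(.*)$", re.I)
PERL_DEP = re.compile(r"perl\(([\w:]+)\)")

def lint_spec(text):
    """Return (line_no, tag, module, verdict) for each flagged perl() dependency."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = DEP_TAG.match(line)          # commented-out lines start with '#', so no match
        if not m:
            continue
        tag, rest = m.groups()
        for mod in PERL_DEP.findall(rest):
            if FORBIDDEN.match(mod):
                findings.append((no, tag, mod, "forbidden"))
                continue
            for category, names in UNNEEDED.items():
                if mod in names:
                    findings.append((no, tag, mod, "unneeded:" + category))
    return findings

if __name__ == "__main__":
    for no, tag, mod, verdict in lint_spec(SAMPLE_SPEC):
        print(f"line {no}: {tag}: perl({mod}) -> {verdict}")
```

The check reads only explicit tags in the spec text; dependencies that perl-generators derives automatically from use and require statements at build time have to be checked on the built package instead.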