Bug 217665

Summary: [security/kpcli] math/p5-Math-Random-ISA should be added to run dependency
Product: Ports & Packages
Reporter: Emanuel Haupt <ehaupt>
Component: Individual Port(s)
Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED
Severity: Affects Many People
CC: alexander.4mail
Priority: ---
Flags: bugzilla: maintainer-feedback? (alexander.4mail)
Version: Latest
Hardware: Any
OS: Any

Attachments:
    Description: Add Math::Random::ISAAC as a dependency
    Flags: none

Description Emanuel Haupt freebsd_committer freebsd_triage 2017-03-09 17:07:20 UTC
Created attachment 180674
Add Math::Random::ISAAC as a dependency

"perldoc kpcli" states:

    You can optionally install "Math::Random::ISAAC" in order to use a more
    secure rand() function.

Without it installed you'll see:

    kpcli:/> vers
    VERSIONS

        kpcli: 3.1
        Perl: v5.24.1
        File::KeePass: 2.03
        Term::ShellUI: 0.92
        Term::ReadKey: 2.37
        Term::ReadLine: 1.14
        Capture::Tiny: 0.28
        Clipboard: 0.13
        Sub::Install: 0.928
        Term::ReadLine::Gnu: 1.35
        Math::Random::ISAAC: not installed (optional)

With Math::Random::ISAAC installed:

    kpcli:/> vers
    VERSIONS

        kpcli: 3.1
        Perl: v5.24.1
        File::KeePass: 2.03
        Term::ShellUI: 0.92
        Term::ReadKey: 2.37
        Term::ReadLine: 1.14
        Capture::Tiny: 0.28
        Clipboard: 0.13
        Math::Random::ISAAC: 1.004
        Sub::Install: 0.928
        Term::ReadLine::Gnu: 1.35

In the sense of making sensible default decisions for our users, this should be
added as a default run dependency. Alternatively, it could be made an option,
but this should be on by default (providing secure default values). My
preference would be to make it non-optional.

Comment 1 Emanuel Haupt freebsd_committer freebsd_triage 2017-03-09 17:09:35 UTC
Differential review: https://reviews.freebsd.org/D9923

Comment 2 commit-hook freebsd_committer freebsd_triage 2017-03-25 10:22:23 UTC
A commit references this bug:

Author: ehaupt
Date: Sat Mar 25 10:22:06 UTC 2017
New revision: 436892
URL: https://svnweb.freebsd.org/changeset/ports/436892

Log:
  Add Math::Random::ISAAC as a dependency as it provides a more secure rand()
  function.

  PR:		217665
  Approved by:	maintainer timeout (alexander.4mail@gmail.com; 16 days)
  Differential Revision:	D9923

Changes:
  head/security/kpcli/Makefile