Bug 255230 - security/p5-Crypt-CBC 3.01 pulls in lots of dependencies
Summary: security/p5-Crypt-CBC 3.01 pulls in lots of dependencies
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-perl (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-19 16:58 UTC by Gert Doering
Modified: 2021-04-19 19:32 UTC (History)
4 users (show)

See Also:
lwhsu: maintainer-feedback? (perl)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gert Doering 2021-04-19 16:58:03 UTC
Hi,

the upgrade p5-Crypt-CBC 2.33_1 -> 3.01 pulls in a crazy amount of extra packages:

New packages to be INSTALLED:
        p5-B-Hooks-EndOfScope: 0.24
        p5-B-Hooks-OP-Check: 0.22
        p5-Class-Method-Modifiers: 2.13
        p5-Crypt-PBKDF2: 0.161520
        p5-CryptX: 0.071
        p5-Data-OptList: 0.110
        p5-Devel-StackTrace: 2.04
        p5-Digest-SHA3: 1.04
        p5-Dist-CheckConflicts: 0.11_1
        p5-Exporter-Tiny: 1.002002
        p5-Hash-FieldHash: 0.15
        p5-Module-Implementation: 0.09_1
        p5-Module-Runtime: 0.016
        p5-Moo: 2.005004        p5-Package-Stash: 0.39
        p5-Package-Stash-XS: 0.29
        p5-Params-Util: 1.102
        p5-Ref-Util-XS: 0.117
        p5-Role-Tiny: 2.002004
        p5-Sub-Exporter: 0.987_1
        p5-Sub-Exporter-Progressive: 0.001013
        p5-Sub-Identify: 0.14
        p5-Sub-Install: 0.928_1
        p5-Sub-Quote: 2.006006
        p5-Type-Tie: 0.015
        p5-Type-Tiny: 1.012001
        p5-Type-Tiny-XS: 0.022
        p5-Variable-Magic: 0.62
        p5-bareword-filehandles: 0.007
        p5-indirect: 0.39
        p5-multidimensional: 0.014
        p5-namespace-autoclean: 0.29
        p5-namespace-clean: 0.27
        p5-strictures: 2.000006,1

Installed packages to be UPGRADED:
        p5-Crypt-CBC: 2.33_1 -> 3.01

these all come from p5-Crypt-PBKDF2 (which is totally non-relevant for us).

Is there a way to make this requirement conditional and/or a variant?

thanks :-)
Comment 1 Li-Wen Hsu freebsd_committer 2021-04-19 17:00:53 UTC
CC the last committer.
Comment 2 parv 2021-04-19 19:32:17 UTC
I am not the maintainer.

Module Crypt::CBC::PKDF::pbkdf2 ...

https://metacpan.org/source/LDS/Crypt-CBC-3.03/lib/Crypt/CBC/PBKDF/pbkdf2.pm

... uses Crypt::PBKDF2. So Crypt::CBC needs Crypt::PBKDF2 module (and its dependencies by extension).

Gert may opt to not upgrade and/or break up the module in their custom install to remove Crypt::CBC::PKDF::pbkdf2 module.

The method of breaking of core perl & modules has made a sane, usable Perl install on some Linux distributions horrendously painful to use as is; requires many hoops to jump to make things work. I sincerely hope that FreeBSD project does not join them in that quest.