Thu Mar 23 15:06:09 2017: Request 120722 was acted upon.
Transaction: Correspondence added by RSCHUPP
Queue: PAR
Subject: Reason for Module::Signature dependency unclear since 2008
Broken in: 0.983
Severity: (no value)
Owner: Nobody
Requestors: [email protected]
Status: new
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=120722 >
On 2017-03-23 12:33:24, KENTNL wrote:
> As of 0.983, this dist has not shipped with any signature data:
>
> https://metacpan.org/diff/file?target=SMUELLER/PAR-
> 0.983/&source=SMUELLER/PAR-0.982/
>
> I can also not spot any logic in this dist which would indicate a need
> for any
> of the cryptographic modules it tries to depend on in Makefile.PL
First of all, these are only "recommends" (and e.g. Debian has chosen to
ignore them as Build-Depends, cf.
https://packages.debian.org/source/sid/libpar-perl).
But you're right, PAR doesn't make use of Module::Signature. It may use
Digest::SHA,
though. So I "require" now (a non-broken version of) Digest::SHA and removed
the other "recommends". Actually, this requirement is a non-issue, as
Digest::SHA
is in Perl core since 5.10.0.
Cheers, Roderich
