Bug 612563

Summary: RFE: Let perl-CPAN Require: perl(Digest::SHA)
Product: [Fedora] Fedora Reporter: Ralf Corsepius <rc040203>
Component: perlAssignee: Petr Pisar <ppisar>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 13CC: cweyl, iarnell, kasal, lkundrak, mmaslano, ppisar, rc040203, tcallawa
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: perl-5.10.1-114.fc13 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 640716 (view as bug list) Environment:
Last Closed: 2010-07-14 23:06:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 640716    

Description Ralf Corsepius 2010-07-08 14:25:55 UTC 
Description of problem:

/usr/bin/cpan strongly suggests to install "Digest::SHA".

Fedora's perl-CPAN, however doesn't depend on "perl(Digest::SHA)", 
i.e. users will be tempted to manually install Digest::SHA

Note: We are talking about Fedora+cpan users. It's this group of users, which at least I consider to be specially susceptible to using cpan instead of using rpm-packaged perl-modules.

Version-Release number of selected component (if applicable):
perl-5.10.1-112.fc13.x86_64

How reproducible:
Always

Steps to Reproduce:
1. yum install perl-CPAN
2. /usr/bin/cpan
3. get Test
  
Actual results:

cpan issues a "strong suggestion":
...
  CPAN: checksum security checks disabled because Digest::SHA not installed.
  Please consider installing the Digest::SHA module.



Expected results:
cpan not to issue such warning and to behave "safe by default".
Comment 1 Tom "spot" Callaway 2010-07-08 14:29:46 UTC 
Seems sensible to me.
Comment 2 Petr Pisar 2010-07-08 14:41:42 UTC 
As I'm usually against rich dependencies, however I can do that. I have prepared new perl releases because of bug #607687, thus I can postpone the update and include this wish too. I ask Marcela on her opinion.
Comment 3 Petr Pisar 2010-07-08 15:34:26 UTC 
Marcela agrees, I will take care about it.

Affected: F12, F13, F14.
Comment 4 Petr Pisar 2010-07-09 08:34:27 UTC 
perl-CPANPLUS subpackage has the same problem. I'll add the requirement too.

I'm thinking about F14 where we started upgrading bundled packages by adding dual-lived ones. Actually I'm not sure how to deal with this bug. New standalone package meant increasing epoch. I don't like it. I think modifying perl.spec with higher release number is more appropriate in this case. Any suggestions?
Comment 5 Fedora Update System 2010-07-09 11:30:30 UTC 
perl-5.10.0-90.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/perl-5.10.0-90.fc12
Comment 6 Fedora Update System 2010-07-09 11:33:20 UTC 
perl-5.10.1-114.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/perl-5.10.1-114.fc13
Comment 7 Petr Pisar 2010-07-09 13:46:03 UTC 
F14 fixed in perl-5.12.1-126.fc14 by bumping new perl release.
Comment 8 Fedora Update System 2010-07-13 07:28:12 UTC 
perl-5.10.0-90.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update perl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/perl-5.10.0-90.fc12
Comment 9 Fedora Update System 2010-07-13 07:33:00 UTC 
perl-5.10.1-114.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update perl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/perl-5.10.1-114.fc13
Comment 10 Fedora Update System 2010-07-14 23:06:11 UTC 
perl-5.10.1-114.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.