Bug 952281 - perl-App-cpanminus: does not build from source code
perl-App-cpanminus: does not build from source code
Status: CLOSED DUPLICATE of bug 907464
Product: Fedora
Classification: Fedora
Component: perl-App-cpanminus (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Marcela Mašláňová
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 952282
  Show dependency treegraph
 
Reported: 2013-04-15 10:44 EDT by Florian Weimer
Modified: 2014-01-02 08:35 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1045378 (view as bug list)
Environment:
Last Closed: 2013-04-15 11:22:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Florian Weimer 2013-04-15 10:44:32 EDT
This package bundles Perl sources obfuscated using App::FatPacker, which makes it very difficult to review.  Please remove the obfuscated code and replace it with proper dependencies.

(I have verified that the bundled version of Parse/CPAN/Meta.pm is actually used by putting a "die;" into it, which was executed.)
Comment 1 Petr Pisar 2013-04-15 10:59:46 EDT
Can you explain the subject "Does not build from source code"?
Comment 2 Florian Weimer 2013-04-15 11:07:29 EDT
bin/cpanm contains stuff like this:

use 5.006;use strict;use warnings;package CPAN::Meta::Converter;our$VERSION='2.130880';use CPAN::Meta::Validator;use CPAN::Meta::Requirements;use version 0.88 ();use Parse::CPAN::Meta 1.4400 ();sub _dclone {my$ref=shift;no warnings 'once';local*UNIVERSAL::TO_JSON=sub {return "$_[0]"};my$backend=Parse::CPAN::Meta->json_backend();return$backend->new->utf8->decode($backend->new->utf8->allow_blessed->convert_blessed->encode($ref))}my%known_specs=('2'=>'http://search.cpan.org/perldoc?CPAN::Meta::Spec','1.4'=>'http://module-build.sourceforge.net/META-spec-v1.4.html','1.3'=>'http://module-build.sourceforge.net/META-spec-v1.3.html[…]

I don't consider this source code.  The bundling of human-readable sources (as in previous versions) is problematic as well: <https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries>
Comment 3 Petr Pisar 2013-04-15 11:22:15 EDT
I see.

*** This bug has been marked as a duplicate of bug 907464 ***

Note You need to log in before you can comment on or make changes to this bug.