Thu Mar 23 15:06:09 2017: Request 120722 was acted upon. Transaction: Correspondence added by RSCHUPP Queue: PAR Subject: Reason for Module::Signature dependency unclear since 2008 Broken in: 0.983 Severity: (no value) Owner: Nobody Requestors: ken...@cpan.org Status: new Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=120722 >
On 2017-03-23 12:33:24, KENTNL wrote: > As of 0.983, this dist has not shipped with any signature data: > > https://metacpan.org/diff/file?target=SMUELLER/PAR- > 0.983/&source=SMUELLER/PAR-0.982/ > > I can also not spot any logic in this dist which would indicate a need > for any > of the cryptographic modules it tries to depend on in Makefile.PL First of all, these are only "recommends" (and e.g. Debian has chosen to ignore them as Build-Depends, cf. https://packages.debian.org/source/sid/libpar-perl). But you're right, PAR doesn't make use of Module::Signature. It may use Digest::SHA, though. So I "require" now (a non-broken version of) Digest::SHA and removed the other "recommends". Actually, this requirement is a non-issue, as Digest::SHA is in Perl core since 5.10.0. Cheers, Roderich