p5-Math-Random-ISA should be added to run dependency
ClosedPublic
Actions

Authored by ehaupt on Mar 8 2017, 8:21 AM.

Details

Reviewers: None
Commits: rP436892: Add Math::Random::ISAAC as a dependency as it provides a more secure rand()

Summary

"perldoc kpcli" states:

You can optionally install "Math::Random::ISAAC" in order to use a more
secure rand() function.

Without it installed you'll see:

kpcli:/> vers
VERSIONS

kpcli: 3.1

Perl: v5.24.1

File::KeePass: 2.03

Term::ShellUI: 0.92

Term::ReadKey: 2.37

Term::ReadLine: 1.14

Capture::Tiny: 0.28

Clipboard: 0.13

Sub::Install: 0.928

Term::ReadLine::Gnu: 1.35

Math::Random::ISAAC: not installed (optional)

With Math::Random::ISAAC installed:

kpcli:/> vers
VERSIONS

kpcli: 3.1

Perl: v5.24.1

File::KeePass: 2.03

Term::ShellUI: 0.92

Term::ReadKey: 2.37

Term::ReadLine: 1.14

Capture::Tiny: 0.28

Clipboard: 0.13

Math::Random::ISAAC: 1.004

Sub::Install: 0.928

Term::ReadLine::Gnu: 1.35

In the sense of making sensible default decisions for our users this should be
added as a default run dependency. Alternatively it could be made an option
but this should be on by default (providing secure default values). My
preference would be to make it non-optional.

Test Plan

portlint -A: OK
poudriere testport (all tier1 arch on supported versions): OK

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

ehaupt created this revision.Mar 8 2017, 8:21 AM

Herald added a subscriber: mat. · View Herald TranscriptMar 8 2017, 8:21 AM

Harbormaster completed remote builds in B7949: Diff 26077.Mar 8 2017, 8:21 AM

ehaupt retitled this revision from math/p5-Math-Random-ISA should be added to run dependency to [security/kpcli] math/p5-Math-Random-ISA should be added to run dependency.Mar 8 2017, 8:23 AM

Could you redo the patch without moving everything around ? So that one can see what you are doing, and it does not feel like you are trying to hide some unrelated changes in the middle.