
[security/kpcli] math/p5-Math-Random-ISA should be added to run dependency
Closed, Public

Authored by ehaupt on Mar 8 2017, 8:21 AM.

Details

Summary

"perldoc kpcli" states:

You can optionally install "Math::Random::ISAAC" in order to use a more
secure rand() function.

Without it installed you'll see:

kpcli:/> vers
VERSIONS

  • kpcli: 3.1
  • Perl: v5.24.1
  • File::KeePass: 2.03
  • Term::ShellUI: 0.92
  • Term::ReadKey: 2.37
  • Term::ReadLine: 1.14
  • Capture::Tiny: 0.28
  • Clipboard: 0.13
  • Sub::Install: 0.928
  • Term::ReadLine::Gnu: 1.35
  • Math::Random::ISAAC: not installed (optional)

With Math::Random::ISAAC installed:

kpcli:/> vers
VERSIONS

  • kpcli: 3.1
  • Perl: v5.24.1
  • File::KeePass: 2.03
  • Term::ShellUI: 0.92
  • Term::ReadKey: 2.37
  • Term::ReadLine: 1.14
  • Capture::Tiny: 0.28
  • Clipboard: 0.13
  • Math::Random::ISAAC: 1.004
  • Sub::Install: 0.928
  • Term::ReadLine::Gnu: 1.35

In the sense of making sensible default decisions for our users this should be
added as a default run dependency. Alternatively it could be made an option
but this should be on by default (providing secure default values). My
preference would be to make it non-optional.

Test Plan
  • portlint -A: OK
  • poudriere testport (all tier1 arch on supported versions): OK

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

ehaupt created this revision. Mar 8 2017, 8:21 AM
ehaupt retitled this revision from math/p5-Math-Random-ISA should be added to run dependency to [security/kpcli] math/p5-Math-Random-ISA should be added to run dependency. Mar 8 2017, 8:23 AM
mat added a comment. Mar 8 2017, 8:55 AM

Could you redo the patch without moving everything around? So that one can see what you are doing, and it does not feel like you are trying to hide some unrelated changes in the middle.

ehaupt updated this revision to Diff 26079. Mar 8 2017, 9:17 AM

Unsorted dependency version as requested by mat.

mat added a comment. Mar 8 2017, 9:22 AM

Looks good now.