Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Test-Simple CPAN distribution.

Report information
The Basics
Id: 46993
Status: resolved
Priority: 0/
Queue: Test-Simple
People
Owner: Nobody in particular
Requestors: salvatore.bonaccorso [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)
Attachments
signature.asc

History Show all quoted text
  Tue Jun 16 04:30:37 2009 salvatore.bonaccorso [...] gmail.com - Ticket created
Subject: Copy of IO::Scalar droppable?
Date: Tue, 16 Jun 2009 10:30:05 +0200
To: bug-Test-Simple [...] rt.cpan.org
From: Salvatore Bonaccorso <salvatore.bonaccorso [...] gmail.com>
Hi Michael Schwern During packaging the new version of Test::Simple for Debian, the following arised: Test::Builder::IO::Scalar is simply a copy of IO::Scalar (in O-stringy). The point is now, it causes "code duplication" and on a possible security bug on IO-stringy then the security team has to search the other Perl packages and then fix it also in Test-Simple. Would it be possible to have a dependeny of Test-Simple to IO-stringy? Many thanks in advance Kind regards Salvatore
Download signature.asc
application/pgp-signature 835b

Message body not shown because it is not plain text.

  Tue Jun 16 12:40:35 2009 mschwern [...] cpan.org - Reminder 'MSCHWERN' added
  Tue Jun 16 12:54:36 2009 mschwern [...] cpan.org - Correspondence added
On Tue Jun 16 04:30:37 2009, salvatore.bonaccorso@gmail.com wrote: Show quoted text
> During packaging the new version of Test::Simple for Debian, the > following arised: Test::Builder::IO::Scalar is simply a copy of > IO::Scalar (in O-stringy). > > The point is now, it causes "code duplication" and on a possible > security bug on IO-stringy then the security team has to search the > other Perl packages and then fix it also in Test-Simple. > > Would it be possible to have a dependency of Test-Simple to IO-stringy?
No, Test-Simple cannot have any dependencies (Test::Harness and MakeMaker both ship with their own Test-Simple to avoid this problem) else it risks a circular dependency loop. Yes, IO-stringy does not depend on Test-Simple, but I don't want to risk it. I also don't want to risk Test-Simple not installing (and thus 80% of CPAN breaking) because of a dependency failure. However, as explained in the Test::Builder::IO::Scalar docs, it is only used on Perl 5.6. I don't think Debian has shipped Perl 5.6 in years so the code is effectively a no-op. You are free to throw it out when packaging, everything should continue to work normally. Eventually I'll get sick of supporting 5.6 and throw it out, too. Let me know if this is unsatisfactory and we'll work something out. I want to make Debian's life easy.
  Tue Jun 16 12:54:36 2009 The RT System itself - Status changed from 'new' to 'open'
  Tue Jun 16 12:54:37 2009 mschwern [...] cpan.org - Status changed from 'open' to 'rejected'
  Tue Jun 16 13:50:13 2009 salvatore.bonaccorso [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #46993] Copy of IO::Scalar droppable?
Date: Tue, 16 Jun 2009 19:49:47 +0200
To: Michael G Schwern via RT <bug-Test-Simple [...] rt.cpan.org>
From: Salvatore Bonaccorso <salvatore.bonaccorso [...] gmail.com>
Hi Michael Schwern Many thanks for your fast reply on that! Really apreciating this. On Tue, Jun 16, 2009 at 12:54:37PM -0400, Michael G Schwern via RT wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=46993 > > > On Tue Jun 16 04:30:37 2009, salvatore.bonaccorso@gmail.com wrote:
> > During packaging the new version of Test::Simple for Debian, the > > following arised: Test::Builder::IO::Scalar is simply a copy of > > IO::Scalar (in O-stringy). > > > > The point is now, it causes "code duplication" and on a possible > > security bug on IO-stringy then the security team has to search the > > other Perl packages and then fix it also in Test-Simple. > > > > Would it be possible to have a dependency of Test-Simple to IO-stringy?
> > No, Test-Simple cannot have any dependencies (Test::Harness and > MakeMaker both ship with their own Test-Simple to avoid this problem) > else it risks a circular dependency loop. Yes, IO-stringy does not > depend on Test-Simple, but I don't want to risk it. I also don't want > to risk Test-Simple not installing (and thus 80% of CPAN breaking) > because of a dependency failure. > > However, as explained in the Test::Builder::IO::Scalar docs, it is only > used on Perl 5.6. I don't think Debian has shipped Perl 5.6 in years so > the code is effectively a no-op. You are free to throw it out when > packaging, everything should continue to work normally. > > Eventually I'll get sick of supporting 5.6 and throw it out, too. > > Let me know if this is unsatisfactory and we'll work something out. I > want to make Debian's life easy.
Your explanation helps me out yes. First you are right, regarding the supported Versions in Debian we have in oldstable (5.8.8). With the above I thinks we sould either leave as it is or repackage the original tarball excluding it. I will discuss this with the others of the pkg-perl Group. Kind regards Salvatore
Download signature.asc
application/pgp-signature 835b

Message body not shown because it is not plain text.

  Tue Jun 16 13:50:15 2009 The RT System itself - Status changed from 'rejected' to 'open'
  Thu Jul 02 16:44:48 2009 mschwern [...] cpan.org - Correspondence added
I'm going to call this resolved. Feel free to reopen if there's any other issues.
  Thu Jul 02 16:44:51 2009 mschwern [...] cpan.org - Status changed from 'open' to 'resolved'