Bug #55528 for HTTP-CryptoCookie: Please don't use Digest::SHA2, it's deprecated

Check with the CPAN operators prior to deleting Digest::SHA2. Deleting that module will have enormous negative impact on a great many systems. In a nutshell, you'll be breaking systems. I'll migrate my stuff over, but deprecated or not, do NOT remove modules that WILL break systems. You've noted it in the POD that it is deprecated and no longer supported with the recommendation to move to Digest::SHA, but do NOT remove that module without a consensus if the CPAN moderator community and the Perl community on a whole. CPAN is the glue that holds the Perl community together. Pulling modules is exceptionally frowned upon as it has the potential to really screw systems up and cause significant downtime to production applications. I can tell you right off that complete removal of this module from CPAN will screw up some code that operates on the international carrier of 55% of the Internet's global traffic. I no longer work there and there are few who will know to switch this over to Digest::SHA. Deployment of new systems *will* cause failures. If you need someone to take over maintenance of simply offload it to another CPAN maintainer, I'll happily move it into my wheelhouse as I already maintain Crypt::DES, Crypt::IDEA, and Crypt::Blowfish. -dsp On 12/24/2015 1:42 PM, AEvar Arnfjord Bjarmason via RT wrote: Show quoted text
--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

On 2015-12-24T10:31:49-05:00, dparis@w3works.com wrote: Show quoted text
I deprecated this distro in 2007, or 8 years ago. I filed this bug over 5 years ago and this is the first response I get to it. My memory from 5 years ago is fuzzy, but I *think* I filed bugs against all the distros using Digest::SHA2 at the time (including this one), I think the other 3-4 that are using it now are new users despite the deprecation warning (but I may be wrong). What prompted this is that someone reported a bug with building it with clang, easy enough to fix, but I thought "why don't I finally follow-through with deleting this from the CPAN?": https://rt.cpan.org/Ticket/Display.html?id=110302 Having said that, I don't want to screw with anyone's deployments. My assumption was that anyone deploying CPAN modules was bundling it up in some package-system equivalent pinned on versions, so if they already depended on something that (recursively?) depended on Digest::SHA2 they'd already have those packages, but if they upgraded to a new version (hopefully without Digest::SHA2 due to this bug) they wouldn't need it. But if someone really is doing something like "install all these modules at their latest versions from the CPAN" deleting it would indeed break things. If you're keen to maintain it given all of the above I can totally hand it off to you. I just figured that nobody (including me) was interested so I'd try to force the issue by deleting it. Anyway, happy holidays. If I've partially ruined Christmas for you that wasn't my intent :) Show quoted text