maintainer-feedback requested: [Bug 256140] security/p5-Crypt-SSLeay dependency to p5-LWP-Protocol-https

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-perl (Nobody)
<perl@FreeBSD.org> for maintainer-feedback:
Bug 256140: security/p5-Crypt-SSLeay dependency to p5-LWP-Protocol-https
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256140



--- Description ---
Hi,

upgrading ports/pkgs, and noted this:

New packages to be INSTALLED:
	p5-Authen-NTLM: 1.09_1
	p5-Crypt-SSLeay: 0.72_3
	p5-File-Listing: 6.14
	p5-HTTP-Cookies: 6.10
	p5-HTTP-Negotiate: 6.01_1
	p5-LWP-Protocol-https: 6.10
	p5-Net-HTTP: 6.21
	p5-Try-Tiny: 0.30
	p5-WWW-RobotRules: 6.02_1
	p5-libwww: 6.54

Installed packages to be UPGRADED:
	p5-DBD-mysql: 4.050 -> 4.050_1

so, upgrading p5-DBD-mysql brings in 10 new packages that are not needed
otherwise on the system.  I try to keep my systems as clean as possible, so if
this happens I try to find out why.

The change in p5-DBD-mysql is to enable SSL by default, which activates a
dependency to p5-Crypt-SSLeay - so far, ok.

Now, why does the rest happen?

p5-Crypt-SSLeay has

BUILD_DEPENDS=	p5-LWP-Protocol-https>=6.02:www/p5-LWP-Protocol-https \
		p5-Path-Class>=0.26:devel/p5-Path-Class \
		p5-Try-Tiny>=0.19:lang/p5-Try-Tiny
RUN_DEPENDS=	p5-LWP-Protocol-https>=6.02:www/p5-LWP-Protocol-https

which I find surprising - p5-Crypt-SSLeay used to be a dependency of
LWP::Protocol::https, not "the other way round".

I tried to find a reason in the code ("grep -R ^use work") but as far as I
could see it only mentions LWP::UserAgent in the documentation, and even
mentions that one does not need Crypt::SSLeay anymore(!) to get https support
in LWP - because it was unbundled to LWP::Protocol::https (as a replacement,
not dependency).

I tried to remove the DEPENDS setting, and it seems to build and test same way
as with the dependency...

Long story short - can you please check whether this BUILD_DEPENDS/RUN_DEPENDS
to p5-LWP-Protocol-https is needed anymore?

thanks