I had a conscientious user of one of my modules send in a report
which, after investigation, has led me here.

The module Digest::MD5 was added to the Perl core distribution in Perl
5.8.0. That means that users committed to pre-5.8.0 versions of Perl
will have to install Digest::MD5 if they need it. However, as of
version 2.51, Digest::MD5 is no longer backward compatible with Perls
earlier than 5.8.1. This isn't such a big deal for a user of 5.8.0,
since it came with an older version of Digest::MD5. But users of Perl
versions earlier than 5.8.0 are forced to explicitly install an old
Digest::MD5 version (2.40 or earlier).

The various CPAN installers (cpan, cpanm, cpanp) default to pulling in
the most recent version of any module, and in the case of Digest::MD5,
this means that the default behavior is to pull in a version that
won't build on Perl's earlier than 5.8.1.

My user had an issue when trying to install one of my modules on Perl
5.6.x. My module has a dependency that itself has a dependency on
Digest::MD5. My module claims to support Perl 5.6.x, which it does
*if* the user explicitly installs an older version of Digest::MD5
first. Ideally this should be handled automatically... and even
better would be if Digest::MD5 could be brought back to a state of
backward compatibility.

The user who reported the issue did some investigative work and had
this to say:
"...Digest::MD5 fails testing because it is using utf8::is_utf8
without checking
the version (this was added in 5.8.1)."

I noticed that on the RT for the CPAN version of Digest::MD5 there are
two patches that others have submitted that are intended to address
this issue. I haven't reviewed whether these patches would be
effective or practical.


In the specific case of my user, the user was trying to install
Math::Prime::FastSieve, which has an Inline::CPP dependency, which has
an Inline dependency, which has a Digest::MD5 dependency. The user
was trying to install on Perl 5.6.1.

I guess my question is "What has to happen next?" :)

Dave