[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: nudging patches
|
From: |
Andreas Enge |
|
Subject: |
Re: nudging patches |
|
Date: |
Fri, 19 May 2023 12:04:45 +0200 |
Hello Remco,
Am Fri, May 19, 2023 at 11:48:08AM +0200 schrieb Remco van 't Veer:
> Ruby 2.6 is EOL and 2.7 got it's "last" release in march
> (https://www.ruby-lang.org/en/news/2023/03/30/ruby-2-7-8-released/). So
> I guess 2.6 can be dropped and 2.7 may linger for a while?
the announcement states that
"After this release, Ruby 2.7 reaches EOL. In other words, this is expected to
be the last release of Ruby 2.7 series. We will not release Ruby 2.7.9 even if
a security vulnerability is found"
So it would be best to try to get rid of it as soon as possible;
if security vulnerabilities are not fixed, the working hypothesis is
that the package has security vulnerabilities...
> > Then there is an internal version ruby/fixed, which is very old, but,
> > strangely, ahead of the public minor ruby version, @2.7.7.
> It seems the ruby-2.7-fixed var has been orphaned by the latest
> core-updates merge. It was used for grafting (used as an "replacement"
> in the ruby-2.7 var) and my patch was still depending on that. I can
> update the patch by reinserting the grafting bit. WDYT?
Oh, I see. I am not familiar at all with grafting. But that would be
an option indeed to avoid rebuilding.
> > Could the remainder of ruby and other packages be made dependent on @3.2
> > instead of @2.7?
> This will probably me a trail and error path leaning on tests included
> in the packages.
With your findings above about ruby@2.7, this looks like a worthwhile path!
Andreas