From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH] gnu: ruby: Replace with 2.3.2 [fixes CVE-2015-3900]. Date: Sat, 19 Nov 2016 10:28:18 -0500 Message-ID: <20161119152818.GA8435@jasmine> References: <20161118233209.28746-1-donttrustben@gmail.com> <20161118233209.28746-2-donttrustben@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:43906) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c87Z3-0002N2-Pi for guix-devel@gnu.org; Sat, 19 Nov 2016 10:28:26 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c87Yy-0002rh-U4 for guix-devel@gnu.org; Sat, 19 Nov 2016 10:28:25 -0500 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:42438) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1c87Yy-0002rM-Pg for guix-devel@gnu.org; Sat, 19 Nov 2016 10:28:20 -0500 Content-Disposition: inline In-Reply-To: <20161118233209.28746-2-donttrustben@gmail.com> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ben Woodcroft Cc: guix-devel@gnu.org On Sat, Nov 19, 2016 at 09:32:09AM +1000, Ben Woodcroft wrote: > * gnu/packages/ruby.scm (ruby)[replacement]: New field. > (ruby-2.3.2): New variable. > --- > gnu/packages/ruby.scm | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm > index e4c1ef0..f2b5de9 100644 > --- a/gnu/packages/ruby.scm > +++ b/gnu/packages/ruby.scm > @@ -47,6 +47,7 @@ > (define-public ruby > (package > (name "ruby") > + (replacement ruby-2.3.2) Remember that grafted replacements should have a compatible ABI. This is the first result I found when searching for "Ruby ABI compatible" https://www.ruby-lang.org/en/news/2013/12/21/ruby-version-policy-changes-with-2-1-0/ So, if they've kept that policy, this should be fine. Thanks for taking care of this!