On 09/01/16 10:15, Thompson, David wrote:
> On Fri, Jan 8, 2016 at 6:48 PM, Mark H Weaver wrote:
>> Some of our ruby versions may need security updates.
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1248935
>>
>> Can someone who cares about ruby please investigate?
> This particular issue is definitely fixed in Ruby 2.2.4 or later,
> which we upgraded very recently in response to this.

Indeed, but seems it also affects 2.1 < 2.1.8, where we have 2.1.6.
I've attached a trivial patch that updates it - ok to push?

> Now, I suspect Pjotr will find issue with this, but I think we really
> should drop the Ruby 1.8.7 package because it is end-of-life and will
> *not* receive bug fixes or security updates.

In general though it is a shame to remove old packages, Guix seems well
suited to keeping old software usable. Is there a more useful place for
removed packages to go other than the trash? A collection of exported
profiles perhaps?

ben