From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Thompson, David" <dthompson2@worcester.edu>
Subject: Re: Ruby security updates
Date: Fri, 8 Jan 2016 19:15:53 -0500
Message-ID: <CAJ=RwfYp4zjZBFJRLxjUh7Us5+svOTF_PA2O919N=93GKbPCyA@mail.gmail.com>
References: <87si271vks.fsf@netris.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:32890)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1aHhCF-0001Aq-Kg
	for guix-devel@gnu.org; Fri, 08 Jan 2016 19:15:56 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1aHhCE-0004Xy-JY
	for guix-devel@gnu.org; Fri, 08 Jan 2016 19:15:55 -0500
Received: from mail-yk0-x22e.google.com ([2607:f8b0:4002:c07::22e]:33827)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1aHhCE-0004Xt-Cj
	for guix-devel@gnu.org; Fri, 08 Jan 2016 19:15:54 -0500
Received: by mail-yk0-x22e.google.com with SMTP id a85so302488444ykb.1
	for <guix-devel@gnu.org>; Fri, 08 Jan 2016 16:15:54 -0800 (PST)
In-Reply-To: <87si271vks.fsf@netris.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel <guix-devel@gnu.org>

On Fri, Jan 8, 2016 at 6:48 PM, Mark H Weaver <mhw@netris.org> wrote:
> Some of our ruby versions may need security updates.
>
>   https://bugzilla.redhat.com/show_bug.cgi?id=1248935
>
> Can someone who cares about ruby please investigate?

This particular issue is definitely fixed in Ruby 2.2.4 or later,
which we upgraded very recently in response to this.

Now, I suspect Pjotr will find issue with this, but I think we really
should drop the Ruby 1.8.7 package because it is end-of-life and will
*not* receive bug fixes or security updates.

Thoughts?

- Dave