From: Andreas Enge <andreas@enge.fr>
To: Remco van 't Veer <remco@remworks.net>
Cc: guix-devel@gnu.org, Christopher Baines <mail@cbaines.net>
Subject: Re: nudging patches
Date: Fri, 19 May 2023 12:04:45 +0200 [thread overview]
Message-ID: <ZGdJvcs82qDKsboq@jurong> (raw)
In-Reply-To: <87o7mg8xev.fsf@remworks.net>
Hello Remco,
Am Fri, May 19, 2023 at 11:48:08AM +0200 schrieb Remco van 't Veer:
> Ruby 2.6 is EOL and 2.7 got it's "last" release in march
> (https://www.ruby-lang.org/en/news/2023/03/30/ruby-2-7-8-released/). So
> I guess 2.6 can be dropped and 2.7 may linger for a while?
the announcement states that
"After this release, Ruby 2.7 reaches EOL. In other words, this is expected to be the last release of Ruby 2.7 series. We will not release Ruby 2.7.9 even if a security vulnerability is found"
So it would be best to try to get rid of it as soon as possible;
if security vulnerabilities are not fixed, the working hypothesis is
that the package has security vulnerabilities...
> > Then there is an internal version ruby/fixed, which is very old, but,
> > strangely, ahead of the public minor ruby version, @2.7.7.
> It seems the ruby-2.7-fixed var has been orphaned by the latest
> core-updates merge. It was used for grafting (used as an "replacement"
> in the ruby-2.7 var) and my patch was still depending on that. I can
> update the patch by reinserting the grafting bit. WDYT?
Oh, I see. I am not familiar at all with grafting. But that would be
an option indeed to avoid rebuilding.
> > Could the remainder of ruby and other packages be made dependent on @3.2
> > instead of @2.7?
> This will probably me a trail and error path leaning on tests included
> in the packages.
With your findings above about ruby@2.7, this looks like a worthwhile path!
Andreas
next prev parent reply other threads:[~2023-05-19 10:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <87lehn9giz.fsf@remworks.net>
2023-05-17 15:40 ` nudging patches Giovanni Biscuolo
2023-05-19 9:26 ` Andreas Enge
2023-05-19 9:48 ` Remco van 't Veer
2023-05-19 10:04 ` Andreas Enge [this message]
2023-05-19 11:09 ` [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}] Remco van 't Veer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZGdJvcs82qDKsboq@jurong \
--to=andreas@enge.fr \
--cc=guix-devel@gnu.org \
--cc=mail@cbaines.net \
--cc=remco@remworks.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).