From: Ben Woodcroft
Subject: Re: Ruby security updates
Date: Sat, 9 Jan 2016 15:15:04 +1000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0

On 09/01/16 10:15, Thompson, David wrote:
> On Fri, Jan 8, 2016 at 6:48 PM, Mark H Weaver <address@hidden> wrote:
>> Some of our ruby versions may need security updates.
>> https://bugzilla.redhat.com/show_bug.cgi?id=1248935
>> Can someone who cares about ruby please investigate?
>
> This particular issue is definitely fixed in Ruby 2.2.4 or later, which we upgraded very recently in response to this.

Indeed, but seems it also affects 2.1 < 2.1.8, where we have 2.1.6. I've attached a trivial patch that updates it - ok to push?

> Now, I suspect Pjotr will find issue with this, but I think we really should drop the Ruby 1.8.7 package because it is end-of-life and will *not* receive bug fixes or security updates.

In general though it is a shame to remove old packages, Guix seems well suited to keeping old software usable. Is there a more useful place for removed packages to go other than the trash? A collection of exported profiles perhaps?
ben
0001-gnu-ruby-2.1-Update-to-2.1.8.patch
Description: Text Data