[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#56302] Acknowledgement ([PATCH] gnu: ruby: Update to 2.7.6 [securit

From: Maxime Devos
Subject: [bug#56302] Acknowledgement ([PATCH] gnu: ruby: Update to 2.7.6 [security fixes].)
Date: Wed, 29 Jun 2022 18:04:37 +0200
User-agent: Evolution 3.38.3-1

Remco van 't Veer schreef op wo 29-06-2022 om 17:58 [+0200]:
> Please note:
>   $ guix refresh --list-dependent ruby@2.7
>   Building the following 2346 packages would ensure 6612 dependent packages 
> are rebuilt: ...
> So this goes into core-updates.

core-updates probably won't be merged for a long time, so a graft might
be needed in the meantime.

Basically, what you need to do is:

  * keep the old ruby@2.7.4 package definition
  * add a ruby@2.7.6 package (as (define-public ruby-2.7-fixed [...]))
  * in ruby@2.7.4, add a field
    (replacement ruby-2.7-fixed) ; security fixes

and verify that some Ruby-using dependents still seem to work.

That way, we can use a fixed ruby@2.7.6 on master.

(This assumes that ruby is graftable -- this assumes that ruby is
ABI-compatible, otherwise the grafted dependents won't work.)


Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]