[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#56302] Acknowledgement ([PATCH] gnu: ruby: Update to 2.7.6 [securit
|
From: |
Maxime Devos |
|
Subject: |
[bug#56302] Acknowledgement ([PATCH] gnu: ruby: Update to 2.7.6 [security fixes].) |
|
Date: |
Wed, 29 Jun 2022 18:04:37 +0200 |
|
User-agent: |
Evolution 3.38.3-1 |
Remco van 't Veer schreef op wo 29-06-2022 om 17:58 [+0200]:
> Please note:
>
> $ guix refresh --list-dependent ruby@2.7
> Building the following 2346 packages would ensure 6612 dependent packages
> are rebuilt: ...
>
> So this goes into core-updates.
core-updates probably won't be merged for a long time, so a graft might
be needed in the meantime.
Basically, what you need to do is:
* keep the old ruby@2.7.4 package definition
* add a ruby@2.7.6 package (as (define-public ruby-2.7-fixed [...]))
* in ruby@2.7.4, add a field
(replacement ruby-2.7-fixed) ; security fixes
and verify that some Ruby-using dependents still seem to work.
That way, we can use a fixed ruby@2.7.6 on master.
(This assumes that ruby is graftable -- this assumes that ruby is
ABI-compatible, otherwise the grafted dependents won't work.)
Greetings,
Maxime
signature.asc
Description: This is a digitally signed message part
[bug#56302] [PATCH v2] gnu: ruby: Update to 2.7.6 [security fixes]., Remco van 't Veer, 2022/06/29
[bug#56302] [PATCH] gnu: ruby: Update to 2.7.6 [security fixes]., Maxime Devos, 2022/06/29