Bug#926280: Don't bundle rubygems
Moritz Muehlenhoff
jmm at debian.org
Tue Apr 2 21:23:13 BST 2019
Package: jruby
Severity: important

(This bug isn't really actionable yet, as it depends on #926278 getting fixed
in src:ruby2.5)

Please don't use the bundled rubygems any longer, but instead a copy shared
with the C-based Ruby interpreter.

Given that most of the security issues in the C-based interpreter don't
affect JRuby (apart from the rubygems) this will considerably reduce the
overhead for keeping jruby updated in stable/oldstable.

I spoke to upstream (CCed) earlier and they confirmed that jruby bundles
the rubygems unmodified, so that should not cause any run time issues.

Cheers,
Moritz