[DRE-maint] serious problems with ruby1.8 and ruby1.9

Lucas Nussbaum lucas at lucas-nussbaum.net
Tue Sep 2 16:50:22 UTC 2008


Hi,

The two ruby versions (1.8 = stable branch, 1.9 = dev branch) are
affected by two issues:
- (ruby1.9 specific): the fact that ruby1.9 fails to build on hppa, so
  all ruby1.9 packages (and their reverse dependencies) need to be
  removed from hppa.  (tracked as #478717 and #491930)
- a lot of security issues (apparently, people started auditing ruby's
  code only recently, and are finding a lot of problems). This is
  tracked as #494401 and #496808 for ruby1.8, #494402 for ruby1.9.

This email addresses the security issues, and only for ruby1.8. ruby1.9
is a different story, and I haven't had time to look at it yet (I'm
supposed to be in VAC). I CCed debian-ruby@: if someone has time to
look at ruby1.9, help would be very much appreciated.

Currently, in unstable/testing, we have ruby1.8 1.8.7p22, with some
backported patches (not fixing the security issues mentioned above).

Continuing to backport patches to that version seems error-prone and
time-consuming, so instead, I'd like to ask for permission to package
and upload 1.8.7p72 ASAP, let it migrate to lenny, and get as much
testing as possible until the release.
- ruby1.8 is the stable branch of ruby. The diff between 1.8.7p22 and
  p72 mostly contains bug fixes. (see upstream diff in attachment)
- 1.8.7p72 has been released on 08/08, and the ruby community is known
  for upgrading to the latest upstream ASAP, so it surely was well
  tested. I haven't heard of any regressions caused by it (p22 broke
  rails).
- That's about all I'll have time to (properly) do anyway, and Daigo
  Moriwaki is also in VAC.

So, question: can I prepare and upload 1.8.7p72?

Thank you,
-- 
| Lucas Nussbaum
| lucas at lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
| jabber: lucas at nussbaum.fr             GPG: 1024D/023B3F4F |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ruby-1.8.7p22_to_p72.diff.gz
Type: application/octet-stream
Size: 27903 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20080902/17622362/attachment-0001.obj 

