[DRE-maint] permission to upload ruby1.8 1.8.7p72? (Was: serious problems with ruby1.8 and ruby1.9)
Luk Claes
luk at debian.org
Tue Sep 9 18:35:45 UTC 2008
Lucas Nussbaum wrote:
> Hi,
>
> It has almost been a week, with no answer from the release team. I'm
> very concerned that this will reduce the time this package will be
> tested before the release.
>
> The question is:
>> can I prepare and upload 1.8.7p72?
>
> Thank you.
>
> On 02/09/08 at 18:50 +0200, Lucas Nussbaum wrote:
>> Hi,
>>
>> The two ruby versions (1.8 = stable branch, 1.9 = dev branch) are
>> affected by two issues:
>> - (ruby1.9 specific): the fact that ruby1.9 fails to build on hppa, so
>> all ruby1.9 packages (and their reverse dependencies) need to be
>> removed from hppa. (tracked as #478717 and #491930)
>> - a lot of security issues (apparently, people started auditing ruby's
>> code only recently, and are finding a lot of problems). This is
>> tracked as #494401 and #496808 for ruby1.8, #494402 for ruby1.9.
>>
>> This email addresses the security issues, and only for ruby1.8. ruby1.9
>> is a different story, and I haven't had time to look at it yet (I'm
>> supposed to be in VAC). I CCed debian-ruby@: if someone have time to
>> look at ruby1.9, help would be very much appreciated.
>>
>> Currently, in unstable/testing, we have ruby1.8 1.8.7p22, with some
>> backported patches (not fixing the security issues mentioned above).
>>
>> Continuing to backport patches to that versions seems errorprone and
>> time-consuming, so instead, I'd like to ask for permission to package
>> and upload 1.8.7p72 ASAP, let it migrate to lenny, and get as much
>> testing as possible until the release.
>> - ruby1.8 is the stable branch of ruby. The diff between 1.8.7p22 and
>> p72 mostly contains bug fixes. (see upstream diff in attachment)
>> - 1.8.7p72 has been released on 08/08, and the ruby community is known
>> for upgrading to the latest upstream ASAP, so it surely was well
>> tested. I haven't heard of any regressions caused by it (p22 broke
>> rails).
>> - That's about all I'll have time to (properly) do anyway, and Daigo
>> Moriwaki is also in VAC.
>>
>> So, question: can I prepare and upload 1.8.7p72?
Yes, please upload.
Cheers
Luk
More information about the Pkg-ruby-extras-maintainers
mailing list