[DRE-maint] Bug#754983: src:rails-4.0: rails-4.0 should not be part of next stable due lack of security updates

Ondřej Surý ondrej at debian.org
Wed Jul 16 14:49:30 UTC 2014


Package: src:rails-4.0
Version: 4.0.2+dfsg-2
Severity: serious
Justification: unsuitable for release

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

As discussed in debian-ruby-extras, we must not release next Debian
stable with rails that we could support security-wise.

rails-4.0 is a "Next most recent release series"[1] and it will stop
being supported when next major+1 release of rubyonrails is out.

Since rails doesn't have any clear roadmap this could happen in Jessie's
lifetime and we would certainly want to prevent that.

Unfortunately this also means that we won't ship any r-deps that hard
depend on Ruby On Rails 4.0, but we really need to prevent the
security nightmare we have with rails-2.3+redmine in Debian wheezy.

1. http://rubyonrails.org/security/


- -- System Information:
Debian Release: 7.5
  APT prefers stable
  APT policy: (900, 'stable'), (800, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



