[DRE-maint] Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1

Utkarsh Gupta utkarsh at debian.org
Mon May 24 10:35:15 BST 2021


Hi Paul,

On Wed, 19 May 2021 22:12:59 +0200 Paul Gevers <elbrus at debian.org> wrote:
> This new rails version renewed its versioned dependency on ruby-marcel.
> The new ruby-marcel version doesn't look like a targeted fix, so it
> doesn't fit the freeze policy. If I read the changelog correctly, this
> dependency is there to give rails a more relaxed license. I think such a
> change is not really needed at this stage of the freeze, does rails
> still work with the old version of ruby-marcel and can the version bump
> be reverted?

Apologies, I missed (naturally because it wasn't copied) the conversation
on this bug prior to opening an unblock request for both.

Whilst I agree that ruby-marcel isn't really a targeted fix, I believe the
bump was necessary to maintain sanity with future bug-fix releases of rails.
I've been trying to maintain rails from sid (back to jessie), ensuring that the
CVEs are at least timely fixed. During that course, I've hit a lot of bumps
because of the version gaps, et al, so in this release I wanted rails to be
at par with its supported bug-fix only release (that is, the 6.0.3.x branch).

6.0.3.6 brings in an unusual change by bumping ruby-marcel to 1.0.0. But
after a lot of testing, sanity checking, et al, I found that the changes in
marcel are a no-op, that is, it doesn't really affect how marcel was before
and it is now. Marcel wanted to drop mimemagic dependency and so they
introduced a Magic class (Marcel::Magic) for mime type detection.

I know that it doesn't go along with the freeze policy atm, but I also believe
that it's not really something that'd actually cause problems. IIUC, the
bump doesn't really affect much but just does things differently internally.
So is this edge case worth giving an exception along those lines?

The bump shall yield nothing but (really) help in providing support to rails
for the next couple of years in/for bullseye (at least while it's
still supported).
Let me know what you think? Thanks!


- u



More information about the Pkg-ruby-extras-maintainers mailing list