Re: Ruby security updates

[Ben Woodcroft]

On 09/01/16 10:15, Thompson, David wrote:
> On Fri, Jan 8, 2016 at 6:48 PM, Mark H Weaver <address@hidden> wrote:
> > Some of our ruby versions may need security updates.
> >
> >    https://bugzilla.redhat.com/show_bug.cgi?id=1248935
> >
> > Can someone who cares about ruby please investigate?
> This particular issue is definitely fixed in Ruby 2.2.4 or later,
> which we upgraded very recently in response to this.
Indeed, but seems it also affects 2.1 < 2.1.8, where we have 2.1.6. I've 
attached a trivial patch that updates it - ok to push?
> Now, I suspect Pjotr will find issue with this, but I think we really
> should drop the Ruby 1.8.7 package because it is end-of-life and will
> *not* receive bug fixes or security updates.

In general though it is a shame to remove old packages, Guix seems well 
suited to keeping old software usable. Is there a more useful place for 
removed packages to go other than the trash? A collection of exported 
profiles perhaps?

ben

0001-gnu-ruby-2.1-Update-to-2.1.8.patch
Description: Text Data