Re: ruby1.9.1 test packages for wheezy
On 2018-04-18 12:47:52, Santiago R.R. wrote:
> Hi Antoine!
>
> El 17/04/18 a las 11:58, Antoine Beaupré escribió:
>> Also, after talking with my old colleagues, I just realized that they
>> might be using Ruby 1.8 and not 1.9.1. It seems we have triaged those
>> out of the picture, but maybe all 1.8 packages are affected by a bunch
>> of those issues too? This looks suspiciously sparse:
>>
>> https://security-tracker.debian.org/tracker/source-package/ruby1.8
>>
>> ... when compared to the larger:
>>
>> https://security-tracker.debian.org/tracker/source-package/ruby1.9.1
>>
>> I feel it's quite possible we have forgotten a bunch of CVEs in Ruby
>> 1.8, is it possible?
>
> Part of the issues relates to rubygems which is not shipped in ruby1.8.
> But maybe the rest of the issues (the bunch that was fixed in the recent
> upstream release) needs to be re-checked. I will triage them.
I talked with carnil, and he said this shouldn't be necessary, so I
wouldn't bother. He did the triage already, so I think we can assume he
did excellent work, as usual. :) I was worried 1.8 was forgotten, but he
assured me he did not. The discrepancy is indeed due to gems.
> To answer your other mail, I didn't find any regression in the test
> suite, comparing to the current revision. Unfortunately, I don't have a
> anything in production related to ruby where I can do something more
> than a smoke test.
Sounds good. I am waiting for feedback from my colleagues, hopefully
this should trickle out $today.
A.
--
Man is, at one and the same time, a solitary being and a social being,
- Albert Einstein
Reply to: