Dear Security team, we need your input on the ruby1.9/hppa situation (documented in #478717). Problem: Ruby 1.9 is the current "development" version of Ruby. It is supposed to become the "stable" version in december. It works well on all arches except hppa. ruby1.9 isn't autobuildable on lenny: it triggers a kernel issue, likely to be caused by hppa's partial NPTL support. The result is a few kernel backtraces, and sometimes a kernel panic. Current status: ruby1.9 is in lenny. It is likely that the current (outdated) version was hand-built by a porter. It is possible to build the current unstable version using a 2.6.22.19 kernel. (that has been done, but the version hasn't been uploaded so far). Possible solutions: (A) accept the hand-built packages into lenny. When a security update for ruby1.9 will be necessary, that update will have to be hand-built on hppa, on a machine with a suitable kernel. (B) drop ruby1.9 on hppa. That requires NMUing a dozen of packages that depend or build-depend on ruby1.9, including rrdtool, to either drop the dependancy on ruby1.9 on hppa, or drop it completely on all arches. (C) drop hppa as a release arch. After all, there are no active porter except people willing to provide access to systems (which is nice, but clearly not enough to keep hppa in a reasonable state), no developer-accessible machine admined by DSA, a 2.6.26 SMP kernel that doesn't boot, etc. == Relevant threads: on -release, with list of packages that would need to be NMUed: http://lists.debian.org/debian-release/2008/07/msg00298.html subthread about the kernel issues: http://lists.debian.org/debian-release/2008/07/msg00391.html on -hppa, about releasing lenny with hppa (or not): http://lists.debian.org/debian-hppa/2008/07/msg00044.html So, security team, what do you want? In the meantime, I'll start to implement (A) (ie, uploading an hand-built ruby1.9, and the other missing ruby packages on hppa). This is not a regression from the the current situation (outdated ruby1.9 packages that can crash the buildd anyway). -- | Lucas Nussbaum | lucas@lucas-nussbaum.net http://www.lucas-nussbaum.net/ | | jabber: lucas@nussbaum.fr GPG: 1024D/023B3F4F |
Attachment:
signature.asc
Description: Digital signature