
Re: Best practice regarding Ruby gems installation on Buster



On Sat, 28 Mar 20, 15:57:57, l0f4r0@tuta.io wrote:
> Hi Andrei,
> 
> Thanks for your feedback.
> 28 March 2020 at 14:40 from andreimpopescu@gmail.com:
> 
> > Since you're asking on a Debian list the answer is "install from 
> > packages only". By definition[1] the software versions in stable remain 
> > the same (with a very few exceptions). If there are security issues the 
> > fix is backported to the stable version of the package.
> >
> Actually, I'm totally OK with the approach.
> 
> But I'm not really talking about the ruby2.5 package and its 
> dependencies here. I don't need a specific higher Ruby version 
> (framework, engine...) so the Debian stable Ruby package fits my 
> needs.
> 
> I'm rather talking about Ruby gems themselves. If I'm right, Buster 
> seems to come with some gems installed by default with ruby2.5 but 
> they are obsolete now.

What makes you think that?

> As they could introduce a security risk for example, I just want to 
> update them.

It seems to me that you don't have a specific reason to update them, 
just a "there's a newer version available and I want to update" itch, 
also known as "versionitis" :)

> However updating seems to be less straightforward than anticipated 
> hence my request for advice ;)
 
Everything I wrote still applies. Unless otherwise specified Debian 
provides security support for all gems distributed as Debian packages.

If you install your gems outside the Debian package manager you are on 
your own.

> PS: I'm not very used to Ruby so please don't hesitate to tell me if 
> I'm wrong somewhere...

My programming skills stop at basic shell scripting :)

Debian's policies in this regard are well documented and apply to all 
languages and their libraries.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
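
An added example, not part of the original message: one way to see which installed gems are owned by a Debian package (and so fall under the security support described above) and which were installed outside dpkg. It assumes `dpkg-query` and `gem` are on the PATH; the function names and the `--audit` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Command that prints "<package>: <path>" for a file owned by a package and
# fails otherwise; dpkg-query -S behaves this way. Overridable for testing.
: "${OWNER_LOOKUP:=dpkg-query -S}"

# Print every gemspec below the directories reported by `gem env gempath`
# (assumption: that list covers both packaged and locally installed gems).
list_gemspecs() {
    gem env gempath | tr ':' '\n' | while IFS= read -r dir; do
        [ -d "$dir/specifications" ] || continue
        find "$dir/specifications" -name '*.gemspec'
    done
}

# Read gemspec paths on stdin; print "<status> TAB <owner> TAB <gem-version>".
# status is "debian" when a package owns the gemspec, "unmanaged" otherwise.
classify_gemspecs() {
    while IFS= read -r spec; do
        [ -n "$spec" ] || continue
        gem=$(basename "$spec" .gemspec)
        if owner=$($OWNER_LOOKUP "$spec" 2>/dev/null) && [ -n "$owner" ]; then
            # Keep the first answer and strip the ": /path" suffix.
            owner=$(printf '%s\n' "$owner" | head -n 1)
            printf 'debian\t%s\t%s\n' "${owner%%: /*}" "$gem"
        else
            printf 'unmanaged\t-\t%s\n' "$gem"
        fi
    done
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    list_gemspecs | classify_gemspecs | sort
fi
```

Lines marked `unmanaged` are the gems for which, in the words of the message, you are on your own.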
