From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 29 12:13:51 2022 Received: (at 56302) by debbugs.gnu.org; 29 Jun 2022 16:13:51 +0000 Received: from localhost ([127.0.0.1]:60014 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1o6aK7-0007pR-9b for submit@debbugs.gnu.org; Wed, 29 Jun 2022 12:13:51 -0400 Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:40997) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1o6aK3-0007pA-Er for 56302@debbugs.gnu.org; Wed, 29 Jun 2022 12:13:49 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id A97063200959; Wed, 29 Jun 2022 12:13:40 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Wed, 29 Jun 2022 12:13:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h= cc:cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1656519220; x=1656605620; bh=LhLAdJ/Xhj UGGSwvPcnpTBZFcBuNU+zYCJiX2ZkCdUc=; b=kJHrCyFklQV+58Gu0sPouAZI8P tpQoQ4sRbybgJaKCTBmAXYhAQU7fMvCvx9zN1RBgpa/uR5RisbZffmdY8gTg7fbM PXG89mfYtpPKs61AEAajZsjhPwERjT6gOe3iGcOKLEo+Tw7aYTr9dLcKZbIAsr/i 7uowrpNeaRpBIEHO8dqmU2KrruS1uJmDQ2KpMDRdU8Fu0DI1wl1y0pte5vASwmYc 6v4902bjPhA5XFINdeU3dOWJeGo02dYgCZ2aKAIvD9afmxzN+HdO0tvo20/bBQzd aBhPB/OrMPKNjfOmXyF1naHtwUu7bN9cfDA6AT+cX95nRl3xfrLsAWMRm2rA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1656519220; x=1656605620; bh=LhLAdJ/XhjUGGSwvPcnpTBZFcBuN U+zYCJiX2ZkCdUc=; b=tuSrEJTdDButfuZhSW7+gkgJ2uuE9I49EMhVtaEleL4l QF7H6+RqgBT6jnSzfFjjgppmU/klj2LlZE6JkdR8waaKM4Q8P7nuMBEaqsI1GbqO z/UxNzRuR2YplqT8XTW/7eX3qG+E4LXMu+NmUkekJpjs77KNhqubnvSyaA17LPtn tFcYfPyE0ngJenPRlYv9wURxtwjgsGfHx0oAhFSvRlpRCbeBEMW9uggIfHZ4mZft xuh4NrAfGAgUmAlSjOok0HnU0VVovLeoi3Ry3HwgHPcQj2Bb9lwt4uLt2jPUvACa 14+JD4RhMBQsoEYJ/mhgMgTejvBDaDjKYvedFy3Chg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudegledgleekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfhgfhffvvefujgffkfggtgesthdtredttdertdenucfhrhhomheptfgvmhgt ohcuvhgrnhcukdhtucggvggvrhcuoehrvghmtghosehrvghmfihorhhkshdrnhgvtheqne cuggftrfgrthhtvghrnhepkeduveegfedufeelhedvuedvhfeufedtteevkeehhfeigfev lefhgeeukedtfeevnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomheprhgvmhgtohesrhgvmhifohhrkhhsrdhnvght X-ME-Proxy: Feedback-ID: i568842cc:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 29 Jun 2022 12:13:39 -0400 (EDT) References: <20220629155533.5224-1-remco@remworks.net> <87a69vh377.fsf@remworks.net> <975d34406b3e636414efdeb2ff1d7dbd4e95d944.camel@telenet.be> User-agent: mu4e 1.6.11; emacs 28.1 From: Remco van 't Veer To: Maxime Devos Subject: Re: [bug#56302] Acknowledgement ([PATCH] gnu: ruby: Update to 2.7.6 [security fixes].) In-reply-to: <975d34406b3e636414efdeb2ff1d7dbd4e95d944.camel@telenet.be> Date: Wed, 29 Jun 2022 18:13:38 +0200 Message-ID: <875ykjh2h9.fsf@remworks.net> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 56302 Cc: 56302@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) 2022/06/29 18:04, Maxime Devos: > core-updates probably won't be merged for a long time, so a graft might > be needed in the meantime. So, keep this bug and make a new patch / bug for the graft? > Basically, what you need to do is: > > * keep the old ruby@2.7.4 package definition > * add a ruby@2.7.6 package (as (define-public ruby-2.7-fixed [...])) > * in ruby@2.7.4, add a field > (replacement ruby-2.7-fixed) ; security fixes > > and verify that some Ruby-using dependents still seem to work. > > That way, we can use a fixed ruby@2.7.6 on master. > > (This assumes that ruby is graftable -- this assumes that ruby is > ABI-compatible, otherwise the grafted dependents won't work.) Thanks for the explanation! I'll give it a try. Cheers, Remco