Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #12002
| From | Louis-Philippe Véronneau <pollo@debian.org> |
|---|---|
| Newsgroups | linux.debian.maint.java |
| Subject | jruby in sid is pretty broken and is a key package. Help? |
| Date | 2020-12-23 22:20 +0100 |
| Message-ID | <BpjI5-7S1-5@gated-at.bofh.it> (permalink) |
| Organization | linux.* mail to news gateway |
[Multipart message — attachments visible in raw view] - view raw
Hello! While working on a Clojure package that depends on jruby, I noticed it's in pretty bad shape: 1. it FTBFS (#959600) 2. it has a bunch of CVEs (#972230) 3. it doesn't run without declaring a specific env var (#977979) 4. it loads gems from /usr/lib/ruby/vendor_ruby and it probably should not for compatibility reasons (#977981) 5. it should probably be updated to the latest upstream version, as it targets ruby 2.3, which is kinda old and has no security support [1] (#895837) Being a key package, it hasn't been removed from testing, so people might have not noticed those issues. Adrian Bunk says a large part of the Java ecosystem seems to transitively depend on jruby, so I guess all those things are Bad™. Is there someone that could take a look at this package? It's really out of my field of expertise and I don't think I'll be able to help :S PS: I'm not currently subscribed to this list, so please keep me in CC. [1]: https://www.ruby-lang.org/en/news/2018/06/20/support-of-ruby-2-2-has-ended/ -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Louis-Philippe Véronneau ⢿⡄⠘⠷⠚⠋ pollo@debian.org / veronneau.org ⠈⠳⣄
Back to linux.debian.maint.java | Previous | Next — Next in thread | Find similar
jruby in sid is pretty broken and is a key package. Help? Louis-Philippe Véronneau <pollo@debian.org> - 2020-12-23 22:20 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Markus Koschany <apo@debian.org> - 2020-12-23 22:50 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Louis-Philippe Véronneau <pollo@debian.org> - 2020-12-23 23:00 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Adrian Bunk <bunk@debian.org> - 2020-12-23 23:30 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Markus Koschany <apo@debian.org> - 2020-12-24 00:50 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Sudip Mukherjee <sudipm.mukherjee@gmail.com> - 2020-12-24 01:00 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Louis-Philippe Véronneau <pollo@debian.org> - 2020-12-30 20:20 +0100
csiph-web