| Path | csiph.com!news.mixmin.net!aioe.org!bofh.it!news.nic.it!robomod |
|---|---|
| From | Louis-Philippe Véronneau <pollo@debian.org> |
| Newsgroups | linux.debian.maint.java |
| Subject | jruby in sid is pretty broken and is a key package. Help? |
| Date | Wed, 23 Dec 2020 22:20:01 +0100 |
| Message-ID | <BpjI5-7S1-5@gated-at.bofh.it> |
| X-Original-To | debian-java@lists.debian.org |
| X-Mailing-List | <debian-java@lists.debian.org> archive/latest/22628 |
| List-ID | <debian-java.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-java/> |
| List-Archive | https://lists.debian.org/msgid-search/42a0cfd5-19b8-9d60-620a-4acb1732c171@debian.org |
| X-Original-Date | Wed, 23 Dec 2020 16:15:06 -0500 |
| X-Original-Message-ID | <42a0cfd5-19b8-9d60-620a-4acb1732c171@debian.org> |
Hello!

While working on a Clojure package that depends on jruby, I noticed it's in pretty bad shape:

1. it FTBFS (#959600)
2. it has a bunch of CVEs (#972230)
3. it doesn't run without declaring a specific env var (#977979)
4. it loads gems from /usr/lib/ruby/vendor_ruby and it probably should not for compatibility reasons (#977981)
5. it should probably be updated to the latest upstream version, as it targets ruby 2.3, which is kinda old and has no security support [1] (#895837)

Being a key package, it hasn't been removed from testing, so people might have not noticed those issues.

Adrian Bunk says a large part of the Java ecosystem seems to transitively depend on jruby, so I guess all those things are Bad™.

Is there someone that could take a look at this package? It's really out of my field of expertise and I don't think I'll be able to help :S

PS: I'm not currently subscribed to this list, so please keep me in CC.

[1]: https://www.ruby-lang.org/en/news/2018/06/20/support-of-ruby-2-2-has-ended/

--
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   pollo@debian.org / veronneau.org
  ⠈⠳⣄
jruby in sid is pretty broken and is a key package. Help? Louis-Philippe Véronneau <pollo@debian.org> - 2020-12-23 22:20 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Markus Koschany <apo@debian.org> - 2020-12-23 22:50 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Louis-Philippe Véronneau <pollo@debian.org> - 2020-12-23 23:00 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Adrian Bunk <bunk@debian.org> - 2020-12-23 23:30 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Markus Koschany <apo@debian.org> - 2020-12-24 00:50 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Sudip Mukherjee <sudipm.mukherjee@gmail.com> - 2020-12-24 01:00 +0100
Re: jruby in sid is pretty broken and is a key package. Help? Louis-Philippe Véronneau <pollo@debian.org> - 2020-12-30 20:20 +0100