[DRE-maint] Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1
Paul Gevers
elbrus at debian.org
Thu May 27 20:51:03 BST 2021
tag 989037 moreinfo
thanks
Hi,
On 24-05-2021 11:35, Utkarsh Gupta wrote:
> On Wed, 19 May 2021 22:12:59 +0200 Paul Gevers <elbrus at debian.org> wrote:
>> This new rails version renewed its versioned dependency on ruby-marcel.
>> The new ruby-marcel version doesn't look like a targeted fix, so it
>> doesn't fit the freeze policy. If I read the changelog correctly, this
>> dependency is there to give rails a more relaxed license. I think such
a
>> change is not really needed at this stage of the freeze, does rails
>> still work with the old version of ruby-marcel and can the version bump
>> be reverted?
>
> Apologies, I missed (naturally because it wasn't copied) the conversation
> on this bug prior to opening an unblock request for both.
>
> Whilst I agree that ruby-marcel isn't really a targeted fix, I believe the
> bump was necessary to maintain sanity with future bug-fix releases of rails.
> I've been trying to maintain rails from sid (back to jessie), ensuring that the
> CVEs are at least timely fixed. During that course, I've hit a lot of bumps
> because of the version gaps, et al, so in this release I wanted rails to be
> at par with its supported bug-fix only release (that is, the 6.0.3.x branch).
>
> 6.0.3.6 brings in an unusual change by bumping ruby-marcel to 1.0.0. But
> after a lot of testing, sanity checking, et al, I found that the changes in
> marcel are a no-op, that is, it doesn't really affect how marcel was before
> and it is now. Marcel wanted to drop mimemagic dependency and so they
> introduced a Magic class (Marcel::Magic) for mime type detection.
>
> I know that it doesn't go along with the freeze policy atm, but I also believe
> that it's not really something that'd actually cause problems. IIUC, the
> bump doesn't really affect much but just does things differently internally.
> So is this edge case worth giving an exception along those lines?
>
> The bump shall yield nothing but (really) help in providing support to rails
> for the next couple of years in/for bullseye (at least while it's
> still supported).
> Let me know what you think? Thanks!
You haven't answered my question: "does rails still work with the old
version of ruby-marcel and can the version bump be reverted"
Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20210527/dfc89349/attachment.sig>
More information about the Pkg-ruby-extras-maintainers
mailing list