List Archive: gentoo-osx
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
Some of you might have noticed the Ruby (security) issue. I'd like to
have a quick round on it.
A short situation sketch:
- ruby 1.8.2 compiles with some patches made by usata on Panther
- ruby 1.8.2 collides on Tiger with system installed ruby
- ruby 1.8.2 contains security vulnerability and stuff
- ruby 1.8.3 is safe(r)
- ruby 1.8.3 doesn't compile on Panther due to autoconf 2.59 requirement
- ruby 1.8.3 of course also collides on Tiger
- ruby 1.8.2 is marked ppc-macos stable
- ruby 1.8.3 is marked ~ppc-macos unstable
ruby is for Tiger in p.mask, since the sec. bug I added the mask in the
Panther profile too, however, that's not really a solution, and the sec.
guys want more action from us, basically.
I can think of three 'solutions':
1. drop ppc-macos keyword for all ruby keywords.
This is drastical, but since ruby won't have a nice mariage with OSX
using oldstyle Gentoo/OSX it solves the problem for good.
2. drop ppc-macos keyword in 1.8.2 and replace it with 1.8.3
This is bad because we basically drop the keyword, but it leaves us
with the 'desired' state of having only ~ppc-macos.
3. stable 1.8.3
This feels bad to me, but it's what the sec. guys want to see. It
makes sense for progressive users (although I don't know of any real
ones). We would stable a package without testing that is masked.
So, a quick round of input on any one of the three (or a solution I
haven't thought of) solutions would be nice, in order to 'fix' the ruby
bug instead of letting it slide. It's wrong anyway.
Gentoo for Mac OS X Project -- Interim Lead
email@example.com mailing list