From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.atof.net (smtp1.atof.net [52.86.233.228]) by sourceware.org (Postfix) with ESMTPS id D92933858D1E for ; Thu, 12 Oct 2023 03:59:24 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D92933858D1E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gluelogic.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gluelogic.com X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-Spam-Language: en X-Spam-Relay-Country: X-Spam-DCC: B=; R=smtp1.atof.net 1102; Body=1 Fuz1=1 Fuz2=1 X-Spam-RBL: X-Spam-PYZOR: Reported 0 times. Date: Wed, 11 Oct 2023 23:59:14 -0400 From: gs-cygwin.com@gluelogic.com To: Eric D Hendrickson Cc: "Hendrickson, Eric D" , "cygwin@cygwin.com" Subject: Re: Ruby EOL in Cygwin 3.4.9? Message-ID: References: <8cae1a30-cc92-cbea-4599-d7d550850ac5@cs.umass.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,KAM_DMARC_STATUS,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 List-Id: On Wed, Oct 11, 2023 at 09:55:04PM -0500, Eric D Hendrickson via Cygwin wrote: > Sorry for the unclarity - I meant this for the whole list - not just you. > > Thank you so much for taking the time to respond. Like you said, this > really is all volunteers. > > For the whole list: > > Totally taking into account the all volunteer nature of Cygwin, would it > make sense to defer on further non-emergency releases of Cygwin until all > packages that are EOL have been updated? Since this is the case with ruby, > I am guessing it's likely the case with other packages in Cygwin too. > > Is there a Issues log of some sort (ala github) for Cygwin somewhere, so > that I can document this in the backlog and come back later to investigate > this myself if I have time this winter? > > > On Wed, Oct 11, 2023 at 8:11 PM Eliot Moss wrote: > > > On 10/11/2023 6:36 PM, Hendrickson, Eric D wrote: > > > Hi Eliot, > > > > > > Thanks for responding. That makes total sense. > > > > > > Totally taking into account the all volunteer nature of Cygwin, would it > > make sense to defer on further non-emergency releases of Cygwin until all > > packages that are EOL have been updated? Since this is the case with ruby, > > I am guessing it's likely the case with other packages in Cygwin too. > > > > > > Is there a backlog for Cygwin somewhere, so that I can investigate this > > myself if I have time this winter? > > > > > > Thank you and all the best, > > > Eric > > > > > > -----Original Message----- > > > From: Eliot Moss > > > Sent: Wednesday, October 11, 2023 5:03 PM > > > To: Hendrickson, Eric D ; cygwin@cygwin.com > > > Cc: Eric @ Gmail > > > Subject: Re: Ruby EOL in Cygwin 3.4.9? > > > > > > On 10/11/2023 12:37 PM, Hendrickson, Eric D via Cygwin wrote: > > >> Hello all, > > >> > > >> As a ~25 year user and sometime contributor to Cygwin, I support Cygwin > > here at my place of work. Does anyone know why we are deploying Ruby 2.6 > > which EOL about 18 months ago? > > >> > > >> https://www.ruby-lang.org/en/downloads/branches/ > > >> > > >> I'm concerned about proliferation of EOL versions of Ruby in case some > > security risk / 0Day is identified. > > >> > > >> Please advise. > > >> Eric Hendrickson > > > > You should send such things to the list, not me. I'm just > > a user who has only made occasional small contributions ... > > > > Eliot > > > > > If nobody has responded I can give a generic response: > > > "Because cygwin is all volunteer and someone has not volunteered, or did > > volunteer and is behind, or fell off the radar." > > > > > > Someone else will know how to look up if there is a currently registered > > volunteer for Ruby ... > > > > > > Eliot Moss > > > > > >> This e-mail, including attachments, may include confidential and/or > > >> proprietary information, and may be used only by the person or entity > > >> to which it is addressed. If the reader of this e-mail is not the > > >> intended recipient or intended recipient’s authorized agent, the > > >> reader is hereby notified that any dissemination, distribution or > > >> copying of this e-mail is prohibited. If you have received this e-mail > > >> in error, please notify the sender by replying to this message and > > delete this e-mail immediately. > > >> > > > > > > This e-mail, including attachments, may include confidential and/or > > > proprietary information, and may be used only by the person or entity > > > to which it is addressed. If the reader of this e-mail is not the > > intended > > > recipient or intended recipient’s authorized agent, the reader is hereby > > > notified that any dissemination, distribution or copying of this e-mail > > is > > > prohibited. If you have received this e-mail in error, please notify the > > > sender by replying to this message and delete this e-mail immediately. > > > > On Wed, Oct 11, 2023 at 09:55:04PM -0500, Eric D Hendrickson via Cygwin wrote: > For the whole list: > > Totally taking into account the all volunteer nature of Cygwin, would it > make sense to defer on further non-emergency releases of Cygwin until all > packages that are EOL have been updated? Absolutely not. That makes *zero* sense for an all volunteer group. Not every single package is important to everyone. (I am speaking personally, as maintainer of a single package on Cygwin.) You care about Ruby? Good. I do not use Ruby, so that is not important *to me*. If some specific packages are important to you, please consider finding the maintainers of those packages and offering to help maintain those packages. https://cygwin.com/cygwin-pkg-maint There are many ruby-* packages that have been orphaned. Have at it. :) Cheers, Glenn