From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from omta001.cacentral1.a.cloudfilter.net (omta001.cacentral1.a.cloudfilter.net [3.97.99.32]) by sourceware.org (Postfix) with ESMTPS id 56AF53858C2F for ; Thu, 12 Oct 2023 13:42:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 56AF53858C2F Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=Shaw.ca Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=shaw.ca Received: from shw-obgw-4004a.ext.cloudfilter.net ([10.228.9.227]) by cmsmtp with ESMTPS id qrzVqngRYmfesqvxWqh6vU; Thu, 12 Oct 2023 13:42:38 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=shaw.ca; s=s20180605; t=1697118158; bh=K/LMl7H1ZnQguUBBXNVKqzvlyN3JdeDP+I04Wnt6FHQ=; h=Date:Reply-To:Subject:To:References:From:In-Reply-To; b=g+grMoJIoZ5PHHJ4C3GI9SFny+slkN8FLsLREbF4b1Fo6kFWaSiFVT0yJZZ25Ebtp l13A5wJLzLdz0wRe0sGElCXnPWXg38qBjEo5jGrqBy8aaKdx78cP6IAY1/V/0WnMxW 1jpkDED9Ty3Cc66PV4DaTESMOxBS3jMyZQuTNllkOj7Tl/i0FJkCQFJmmxf3wRS57Q QLgOhGp3Fm3T2M7I7I5cX+DP0pdsS7vpgV03ExdGCjiM06jfs1wuSwLizxyRfQxCoa hXa1IBVK9riwSLJLYTN06fTcj0pjua+maXglBm9PBdjK5DnFqo9PQoKhg1HqzMaLCu 5MPG0wDClqGDg== Received: from [10.0.0.5] ([184.64.102.149]) by cmsmtp with ESMTP id qvxWqbLdBg1rfqvxWqpNd1; Thu, 12 Oct 2023 13:42:38 +0000 X-Authority-Analysis: v=2.4 cv=f9pbuc+M c=1 sm=1 tr=0 ts=6527f7ce a=DxHlV3/gbUaP7LOF0QAmaA==:117 a=DxHlV3/gbUaP7LOF0QAmaA==:17 a=IkcTkHD0fZMA:10 a=w_pzkKWiAAAA:8 a=w2PP7KgtAAAA:8 a=iFoIdE3EAAAA:8 a=l4MR-7bWytormhCBACUA:9 a=QRzjZtwMIBQA:10 a=QEXdDO2ut3YA:10 a=fewbugDTUl8A:10 a=kTloH1531woA:10 a=sRI3_1zDfAgwuvI8zelB:22 a=CDB6uwv3NW-08_pL9N3q:22 Message-ID: Date: Thu, 12 Oct 2023 07:42:37 -0600 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Reply-To: cygwin@cygwin.com Subject: Re: Ruby EOL in Cygwin 3.4.9? To: cygwin@cygwin.com References: <20231012.074748.1357909616677653985.yasu@utahime.org> Content-Language: en-CA From: Brian Inglis Organization: Inglis In-Reply-To: <20231012.074748.1357909616677653985.yasu@utahime.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-CMAE-Envelope: MS4xfFoWIBfmTUyWaqVYZC8AMC6jz+SCzuj9JM3dQeRBKuCNylEqbRFZFoklzoqnJA55DF79TpE3B1l6eBepxmpCEpUMRrWnpXBPPV4wvSGfXHo3V9YdcekN i4KCZXS3kHx5LNKOujXHfDxXgjm894IZPB869T9bQc8010Bl/xuYVMJARQvGcuMDsbDx/MBM3Y/hDg== X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2023-10-11 16:47, Yasuhiro Kimura via Cygwin wrote: > From: "Hendrickson, Eric D via Cygwin" > Subject: Ruby EOL in Cygwin 3.4.9? > Date: Wed, 11 Oct 2023 16:37:29 +0000 > >> Hello all, >> >> As a ~25 year user and sometime contributor to Cygwin, I support Cygwin here at my place of work. Does anyone know why we are deploying Ruby 2.6 which EOL about 18 months ago? >> >> https://www.ruby-lang.org/en/downloads/branches/ >> >> I'm concerned about proliferation of EOL versions of Ruby in case some security risk / 0Day is identified. >> >> Please advise. >> Eric Hendrickson > > On my environment version of Ruby is 3.2.2. > > (Cygwin64)yasu@rolling[1005]% uname -a ~ > CYGWIN_NT-10.0-22621 rolling 3.4.9-1.x86_64 2023-09-06 11:19 UTC x86_64 Cygwin > (Cygwin64)yasu@rolling[1006]% type ruby ~ > ruby is /usr/bin/ruby > (Cygwin64)yasu@rolling[1007]% ruby --version ~ > ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-cygwin] > (Cygwin64)yasu@rolling[1008]% > > I use https://ftp.iij.ad.jp/pub/cygwin as download site and there are > surely ruby-3.2.2-2.hint, ruby-3.2.2-2.tar.xz, ruby-3.2.2-2-src.hint > and ruby-3.2.2-2-src.tar.xz under > https://ftp.iij.ad.jp/pub/cygwin/x86_64/release/ruby/. > > So I guess download site you use is out of sync. Current Cygwin ruby was updated to current upstream 3.2.2 six months ago; see: https://cygwin.com/packages/summary/ruby-src.html Checking the upstream link, preview RCs of 3.3 are available but no final release yet. So it is up to you to update to the latest stable releases available on Cygwin, and whether any package gets updated may be influenced by what other packages you use which depend on earlier versions of basic language or runtime packages, although I am not seeing any such holdbacks. If you are seeing such behaviour, you can check /var/log/setup.log.full to see the decisions made by the solver to upgrade packages. You can also check your selected mirror(s) in /etc/setup/setup.rc e.g. $ grep -xA3 'last-mirror' /etc/setup/setup.rc and for the state of your mirror(s) see: https://cygwin.com/mirrors-report.html and only statuses after the first two are normally significant IMO. One of my preferred local mirrors went stale and I (unusually) got no response from the local university mirror support webpage or email, so had to add another with a better record. Eventually someone did something and it is back to normal. As Cygwin is a rolling release distribution, each package and language is updated as upstream makes them available, and whether and when the maintainer has time and confidence to release each update depends on many factors, which may include updates to upstream packages needed to build or run a package, and whether tests work successfully on Cygwin, to be confident the release provides stable functionality. -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry