On 2023-10-11 16:47, Yasuhiro Kimura via Cygwin wrote:
From: "Hendrickson, Eric D via Cygwin" <cygwin@cygwin.com>
Subject: Ruby EOL in Cygwin 3.4.9?
Date: Wed, 11 Oct 2023 16:37:29 +0000
Hello all,
As a ~25 year user and sometime contributor to Cygwin, I support Cygwin here at
my place of work. Does anyone know why we are deploying Ruby 2.6 which EOL
about 18 months ago?
https://www.ruby-lang.org/en/downloads/branches/
I'm concerned about proliferation of EOL versions of Ruby in case some security
risk / 0Day is identified.
Please advise.
Eric Hendrickson
On my environment version of Ruby is 3.2.2.
(Cygwin64)yasu@rolling[1005]% uname -a
~
CYGWIN_NT-10.0-22621 rolling 3.4.9-1.x86_64 2023-09-06 11:19 UTC x86_64 Cygwin
(Cygwin64)yasu@rolling[1006]% type ruby
~
ruby is /usr/bin/ruby
(Cygwin64)yasu@rolling[1007]% ruby --version
~
ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-cygwin]
(Cygwin64)yasu@rolling[1008]%
I use https://ftp.iij.ad.jp/pub/cygwin as download site and there are
surely ruby-3.2.2-2.hint, ruby-3.2.2-2.tar.xz, ruby-3.2.2-2-src.hint
and ruby-3.2.2-2-src.tar.xz under
https://ftp.iij.ad.jp/pub/cygwin/x86_64/release/ruby/.
So I guess download site you use is out of sync.
Current Cygwin ruby was updated to current upstream 3.2.2 six months ago; see:
https://cygwin.com/packages/summary/ruby-src.html
Checking the upstream link, preview RCs of 3.3 are available but no final
release yet.
So it is up to you to update to the latest stable releases available on Cygwin,
and whether any package gets updated may be influenced by what other packages
you use which depend on earlier versions of basic language or runtime packages,
although I am not seeing any such holdbacks.
If you are seeing such behaviour, you can check /var/log/setup.log.full to see
the decisions made by the solver to upgrade packages.
You can also check your selected mirror(s) in /etc/setup/setup.rc e.g.
$ grep -xA3 'last-mirror' /etc/setup/setup.rc
and for the state of your mirror(s) see:
https://cygwin.com/mirrors-report.html
and only statuses after the first two are normally significant IMO.
One of my preferred local mirrors went stale and I (unusually) got no response
from the local university mirror support webpage or email, so had to add another
with a better record. Eventually someone did something and it is back to normal.
As Cygwin is a rolling release distribution, each package and language is
updated as upstream makes them available, and whether and when the maintainer
has time and confidence to release each update depends on many factors, which
may include updates to upstream packages needed to build or run a package, and
whether tests work successfully on Cygwin, to be confident the release provides
stable functionality.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
