Hi Bastien,
On Mon, 20 Oct 2025 16:09:20 +0200 Bastien Roucaries <[email protected]>
wrote:
> I have prepared a debusine test here:
> https://debusine.debian.net/debian/developers/work-request/151572/
> As you can see, the last stable update seems sane.
> Maybe it will help you to accept a full update.
> Backporting fixes for ruby/bookworm is hard and thus I will prefer to update to
> the last 3.1 version that is well tested
> (finding this by accident while working on rails)
I believe a new upstream version has little chance to get accepted by
SRMs, as I think this never was done before for Debian interpreters or
base languages (Python, Perl, golang, etc.).
Upstream interpreters often fix bugs in stable branches, but such bug
fixes can introduce regressions in production environments that were
costly to test/audit/certify and are meant to stay stable/frozen (except
for security updates, preferably with non-intrusive fixes).
Additionally, I don't think we particularly need fixing e.g. all the
ReDoS vulnerabilities which have low impact but high complexity fixes.
Besides, we already did similar work for bullseye and downwards as part
of LTS/ELTS, which should be reasonably easy to up-port to bookworm.
So I would recommend proposing targeted fixes in this case.
Cheers!
Sylvain Beucler
Debian LTS Team