Control: tag -1 moreinfo

On Wed, May 06, 2026 at 02:46:29PM +0200, Sylvain Beucler wrote:
> Hi Bastien,
> 
> On Mon, 20 Oct 2025 16:09:20 +0200 Bastien Roucaries <[email protected]>
> wrote:
> > I have prepared a debusine test here:
> > https://debusine.debian.net/debian/developers/work-request/151572/
> > 
> > As you can see the last stable update seems sane
> > 
> > Maybe it will help you to accept a full update
> > 
> > Backporting fixes for ruby/bookworm is hard and thus I will prefer to
> > update to the last 3.1 version that is well tested
> 
> (finding this by accident while working on rails)
> 
> I believe a new upstream version has little chance to get accepted by SRMs,
> as I think this never was done before for Debian interpreters or base
> languages (Python, Perl, golang, etc.).
> 
> Upstream interpreters often fix bugs in stable branches, but such bug fixes
> can introduce regressions in production environments that were costly to
> test/audit/certify and are meant to stay stable/frozen (except for security
> updates, preferably with non-intrusive fixes).
> 
> Additionally, I don't think we particularly need fixing e.g. all the ReDoS
> vulnerabilities which have low impact but high complexity fixes.
> 
> Besides, we already did similar work for bullseye and downwards as part of
> LTS/ELTS, which should be reasonably easy to up-port to bookworm.
> 
> So I would recommend proposing targeted fixes in this case.

Sylvain summarises this far more eloquently than I can. I'm not accepting
the diff as it currently stands.

Thanks,

-- 
Jonathan Wiltshire                                      [email protected]
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
