Mail Archives: cygwin/2023/10/12/00:16:12

X-Recipient: archive-cygwin AT delorie DOT com
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
MIME-Version: 1.0
References: <PH7PR22MB31209C697AD372E36AD384ABAFCCA AT PH7PR22MB3120 DOT namprd22 DOT prod DOT outlook DOT com>
<8cae1a30-cc92-cbea-4599-d7d550850ac5 AT cs DOT umass DOT edu>
<PH7PR22MB3120ED5DF8EB2AA48EB8C436AFCCA AT PH7PR22MB3120 DOT namprd22 DOT prod DOT outlook DOT com>
<d5eb20bc-bbe9-327f-bafc-e56dacfb23b8 AT cs DOT umass DOT edu>
<CAByPD9=cE_-cuS8BXYv9EPy7_VNqhyXHj=2HMQ_ro4+V5t+sng AT mail DOT gmail DOT com>
<ZSdvEv7Ds2UY72FG AT xps13>
In-Reply-To: <ZSdvEv7Ds2UY72FG@xps13>
Date: Wed, 11 Oct 2023 23:15:40 -0500
Message-ID: <CAByPD9kifZGr+N2oS6sgGieJHfsp2Wr_SNFqs_uDb+w14Cbz5A@mail.gmail.com>
Subject: Re: Ruby EOL in Cygwin 3.4.9?
To: gs-cygwin DOT com AT gluelogic DOT com
Cc: "Hendrickson, Eric D" <edh AT optum DOT com>,
"cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
server2.sourceware.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.30
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Eric D Hendrickson via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Eric D Hendrickson <ericdavidhendrickson AT gmail DOT com>
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 39C4GBRE017040

Hello,

Thanks for your reply.  Again, to the point that this is an all volunteer
effort.

And not taking away from any of what you said.

However, sorry I was not more clear.  The issue here is as follows.

Is Cygwin as a whole not more important than any one package?

Cygwin is distributing a suite of packages.  Are you really saying that if
there were a 0day vulnerability discovered in an EOL package still being
distributed by Cygwin, that this would do no damage to the reputation of
Cygwin?

How does Cygwin being an all volunteer effort have any bearing on this
question, other than the time and interest of the volunteers?

Perhaps the volunteer team should consider adopting a process of evaluating
the support status of every package it redistributes, even at the expense
of slowing down the rate of releases.  Or dropping packages when no one has
the time or interest in creating a package from a supported version of the
tool in question.

Again for the benefit of Cygwin as a whole - distributing EOL packages
could put Cygwin as a whole at risk, which I'm sure you would agree is much
worse than dropping a package from the suite.

This goes back to my other question -

Is there an Issues log or backlog a la GitHub where bugs / enhancement
requests / feature suggestions like this can be logged for future
consideration / evaluation, instead of one off discussions in this
ephemeral medium of email?

thank you and Cheers to you as well,
Eric

On Wed, Oct 11, 2023 at 10:59 PM <gs-cygwin DOT com AT gluelogic DOT com> wrote:

> On Wed, Oct 11, 2023 at 09:55:04PM -0500, Eric D Hendrickson via Cygwin
> wrote:
> > Sorry for the unclarity - I meant this for the whole list - not just you.
> >
> > Thank you so much for taking the time to respond.  Like you said, this
> > really is all volunteers.
> >
> > For the whole list:
> >
> > Totally taking into account the all volunteer nature of Cygwin, would it
> > make sense to defer on further non-emergency releases of Cygwin until all
> > packages that are EOL have been updated?  Since this is the case with ruby,
> > I am guessing it's likely the case with other packages in Cygwin too.
> >
> > Is there an Issues log of some sort (ala github) for Cygwin somewhere, so
> > that I can document this in the backlog and come back later to investigate
> > this myself if I have time this winter?
> >
> >
> > On Wed, Oct 11, 2023 at 8:11 PM Eliot Moss <moss AT cs DOT umass DOT edu> wrote:
> >
> > > On 10/11/2023 6:36 PM, Hendrickson, Eric D wrote:
> > > > Hi Eliot,
> > > >
> > > > Thanks for responding.  That makes total sense.
> > > >
> > > > > Totally taking into account the all volunteer nature of Cygwin, would it
> > > > > make sense to defer on further non-emergency releases of Cygwin until all
> > > > > packages that are EOL have been updated?  Since this is the case with ruby,
> > > > > I am guessing it's likely the case with other packages in Cygwin too.
> > > > >
> > > > > Is there a backlog for Cygwin somewhere, so that I can investigate this
> > > > > myself if I have time this winter?
> > > >
> > > > Thank you and all the best,
> > > > Eric
> > > >
> > > > -----Original Message-----
> > > > From: Eliot Moss <moss AT cs DOT umass DOT edu>
> > > > Sent: Wednesday, October 11, 2023 5:03 PM
> > > > To: Hendrickson, Eric D <edh AT optum DOT com>; cygwin AT cygwin DOT com
> > > > Cc: Eric @ Gmail <ericdavidhendrickson AT gmail DOT com>
> > > > Subject: Re: Ruby EOL in Cygwin 3.4.9?
> > > >
> > > > On 10/11/2023 12:37 PM, Hendrickson, Eric D via Cygwin wrote:
> > > >> Hello all,
> > > >>
> > > > >> As a ~25 year user and sometime contributor to Cygwin, I support Cygwin
> > > > >> here at my place of work.  Does anyone know why we are deploying Ruby 2.6
> > > > >> which EOL about 18 months ago?
> > > >>
> > > >> https://www.ruby-lang.org/en/downloads/branches/
> > > >>
> > > > >> I'm concerned about proliferation of EOL versions of Ruby in case some
> > > > >> security risk / 0Day is identified.
> > > >>
> > > >> Please advise.
> > > >> Eric Hendrickson
> > >
> > > You should send such things to the list, not me.  I'm just
> > > a user who has only made occasional small contributions ...
> > >
> > > Eliot
> > >
> > > > > If nobody has responded I can give a generic response:
> > > > > "Because cygwin is all volunteer and someone has not volunteered, or did
> > > > > volunteer and is behind, or fell off the radar."
> > > >
> > > > > Someone else will know how to look up if there is a currently registered
> > > > > volunteer for Ruby ...
> > > >
> > > > Eliot Moss
> > > >
> > > > >> This e-mail, including attachments, may include confidential and/or
> > > > >> proprietary information, and may be used only by the person or entity
> > > > >> to which it is addressed. If the reader of this e-mail is not the
> > > > >> intended recipient or intended recipient’s authorized agent, the
> > > > >> reader is hereby notified that any dissemination, distribution or
> > > > >> copying of this e-mail is prohibited. If you have received this e-mail
> > > > >> in error, please notify the sender by replying to this message and
> > > > >> delete this e-mail immediately.
> > > >>
> > > >
> > >
> > >
>
>
> On Wed, Oct 11, 2023 at 09:55:04PM -0500, Eric D Hendrickson via Cygwin
> wrote:
> > For the whole list:
> >
> > Totally taking into account the all volunteer nature of Cygwin, would it
> > make sense to defer on further non-emergency releases of Cygwin until all
> > packages that are EOL have been updated?
>
> Absolutely not.  That makes *zero* sense for an all volunteer group.
>
> Not every single package is important to everyone.
> (I am speaking personally, as maintainer of a single package on Cygwin.)
>
> You care about Ruby?  Good.
> I do not use Ruby, so that is not important *to me*.
>
> If some specific packages are important to you, please consider finding
> the maintainers of those packages and offering to help maintain those
> packages.
>
> https://cygwin.com/cygwin-pkg-maint
>
> There are many ruby-* packages that have been orphaned.  Have at it. :)
>
> Cheers, Glenn
>


-- 
Good government never depends upon laws, but upon the personal qualities of
those who govern. The machinery of government is always subordinate to the
will of those who administer that machinery. The most important element of
government, therefore, is the method of choosing leaders.
 -- Law and Governance, The Spacing Guild Manual, Children of Dune
