X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D9BBD3857835 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1697118197; bh=h7+n2PDHlYaA8F9199808EFPQo4MAH705ohYinqyMOM=; h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=CNO3eRX3vVpP5QvhHcr+wTdtizaFLXhE9o9Ui0yBAWsfw7bZ0pmxhQW3dFf4oG5pO BFT3m6oatB2YKB7F2mO/4e03u1Ib6uVjX1kmqj+/Emo57d8V4UUxeCQWE+QukQc2NU mvurIHukDfVMY3qmkYRFoCD0NQxp2iNbYM/FOldc= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 56AF53858C2F X-Authority-Analysis: v=2.4 cv=f9pbuc+M c=1 sm=1 tr=0 ts=6527f7ce a=DxHlV3/gbUaP7LOF0QAmaA==:117 a=DxHlV3/gbUaP7LOF0QAmaA==:17 a=IkcTkHD0fZMA:10 a=w_pzkKWiAAAA:8 a=w2PP7KgtAAAA:8 a=iFoIdE3EAAAA:8 a=l4MR-7bWytormhCBACUA:9 a=QRzjZtwMIBQA:10 a=QEXdDO2ut3YA:10 a=fewbugDTUl8A:10 a=kTloH1531woA:10 a=sRI3_1zDfAgwuvI8zelB:22 a=CDB6uwv3NW-08_pL9N3q:22 Message-ID: Date: Thu, 12 Oct 2023 07:42:37 -0600 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Ruby EOL in Cygwin 3.4.9? To: cygwin AT cygwin DOT com References: <20231012 DOT 074748 DOT 1357909616677653985 DOT yasu AT utahime DOT org> Content-Language: en-CA Organization: Inglis In-Reply-To: <20231012.074748.1357909616677653985.yasu@utahime.org> X-CMAE-Envelope: MS4xfFoWIBfmTUyWaqVYZC8AMC6jz+SCzuj9JM3dQeRBKuCNylEqbRFZFoklzoqnJA55DF79TpE3B1l6eBepxmpCEpUMRrWnpXBPPV4wvSGfXHo3V9YdcekN i4KCZXS3kHx5LNKOujXHfDxXgjm894IZPB869T9bQc8010Bl/xuYVMJARQvGcuMDsbDx/MBM3Y/hDg== X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Brian Inglis via Cygwin Reply-To: cygwin AT cygwin DOT com Cc: Brian Inglis Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 39CDhJ97020735 On 2023-10-11 16:47, Yasuhiro Kimura via Cygwin wrote: > From: "Hendrickson, Eric D via Cygwin" > Subject: Ruby EOL in Cygwin 3.4.9? > Date: Wed, 11 Oct 2023 16:37:29 +0000 > >> Hello all, >> >> As a ~25 year user and sometime contributor to Cygwin, I support Cygwin here at my place of work. Does anyone know why we are deploying Ruby 2.6 which EOL about 18 months ago? >> >> https://www.ruby-lang.org/en/downloads/branches/ >> >> I'm concerned about proliferation of EOL versions of Ruby in case some security risk / 0Day is identified. >> >> Please advise. >> Eric Hendrickson > > On my environment version of Ruby is 3.2.2. > > (Cygwin64)yasu AT rolling[1005]% uname -a ~ > CYGWIN_NT-10.0-22621 rolling 3.4.9-1.x86_64 2023-09-06 11:19 UTC x86_64 Cygwin > (Cygwin64)yasu AT rolling[1006]% type ruby ~ > ruby is /usr/bin/ruby > (Cygwin64)yasu AT rolling[1007]% ruby --version ~ > ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-cygwin] > (Cygwin64)yasu AT rolling[1008]% > > I use https://ftp.iij.ad.jp/pub/cygwin as download site and there are > surely ruby-3.2.2-2.hint, ruby-3.2.2-2.tar.xz, ruby-3.2.2-2-src.hint > and ruby-3.2.2-2-src.tar.xz under > https://ftp.iij.ad.jp/pub/cygwin/x86_64/release/ruby/. > > So I guess download site you use is out of sync. Current Cygwin ruby was updated to current upstream 3.2.2 six months ago; see: https://cygwin.com/packages/summary/ruby-src.html Checking the upstream link, preview RCs of 3.3 are available but no final release yet. So it is up to you to update to the latest stable releases available on Cygwin, and whether any package gets updated may be influenced by what other packages you use which depend on earlier versions of basic language or runtime packages, although I am not seeing any such holdbacks. If you are seeing such behaviour, you can check /var/log/setup.log.full to see the decisions made by the solver to upgrade packages. You can also check your selected mirror(s) in /etc/setup/setup.rc e.g. $ grep -xA3 'last-mirror' /etc/setup/setup.rc and for the state of your mirror(s) see: https://cygwin.com/mirrors-report.html and only statuses after the first two are normally significant IMO. One of my preferred local mirrors went stale and I (unusually) got no response from the local university mirror support webpage or email, so had to add another with a better record. Eventually someone did something and it is back to normal. As Cygwin is a rolling release distribution, each package and language is updated as upstream makes them available, and whether and when the maintainer has time and confidence to release each update depends on many factors, which may include updates to upstream packages needed to build or run a package, and whether tests work successfully on Cygwin, to be confident the release provides stable functionality. -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple