Ruby EOL in Cygwin 3.4.9?

Brian Inglis Brian.Inglis@Shaw.ca
Thu Oct 12 13:42:37 GMT 2023 

On 2023-10-11 16:47, Yasuhiro Kimura via Cygwin wrote:
> From: "Hendrickson, Eric D via Cygwin" <cygwin@cygwin.com>
> Subject: Ruby EOL in Cygwin 3.4.9?
> Date: Wed, 11 Oct 2023 16:37:29 +0000
> 
>> Hello all,
>>
>> As a ~25 year user and sometime contributor to Cygwin, I support Cygwin here at my place of work.  Does anyone know why we are deploying Ruby 2.6 which EOL about 18 months ago?
>>
>> https://www.ruby-lang.org/en/downloads/branches/
>>
>> I'm concerned about proliferation of EOL versions of Ruby in case some security risk / 0Day is identified.
>>
>> Please advise.
>> Eric Hendrickson
> 
> On my environment version of Ruby is 3.2.2.
> 
> (Cygwin64)yasu@rolling[1005]% uname -a                                                                                      ~
> CYGWIN_NT-10.0-22621 rolling 3.4.9-1.x86_64 2023-09-06 11:19 UTC x86_64 Cygwin
> (Cygwin64)yasu@rolling[1006]% type ruby                                                                                     ~
> ruby is /usr/bin/ruby
> (Cygwin64)yasu@rolling[1007]% ruby --version                                                                                ~
> ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-cygwin]
> (Cygwin64)yasu@rolling[1008]%
> 
> I use https://ftp.iij.ad.jp/pub/cygwin as download site and there are
> surely ruby-3.2.2-2.hint, ruby-3.2.2-2.tar.xz, ruby-3.2.2-2-src.hint
> and ruby-3.2.2-2-src.tar.xz under
> https://ftp.iij.ad.jp/pub/cygwin/x86_64/release/ruby/.
> 
> So I guess download site you use is out of sync.

Current Cygwin ruby was updated to current upstream 3.2.2 six months ago; see:

	https://cygwin.com/packages/summary/ruby-src.html

Checking the upstream link, preview RCs of 3.3 are available but no final 
release yet.

So it is up to you to update to the latest stable releases available on Cygwin, 
and whether any package gets updated may be influenced by what other packages 
you use which depend on earlier versions of basic language or runtime packages, 
although I am not seeing any such holdbacks.

If you are seeing such behaviour, you can check /var/log/setup.log.full to see 
the decisions made by the solver to upgrade packages.

You can also check your selected mirror(s) in /etc/setup/setup.rc e.g.

	$ grep -xA3 'last-mirror' /etc/setup/setup.rc

and for the state of your mirror(s) see:

	https://cygwin.com/mirrors-report.html

and only statuses after the first two are normally significant IMO.

One of my preferred local mirrors went stale and I (unusually) got no response 
from the local university mirror support webpage or email, so had to add another 
with a better record. Eventually someone did something and it is back to normal.

As Cygwin is a rolling release distribution, each package and language is 
updated as upstream makes them available, and whether and when the maintainer 
has time and confidence to release each update depends on many factors, which 
may include updates to upstream packages needed to build or run a package, and 
whether tests work successfully on Cygwin, to be confident the release provides 
stable functionality.

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry

More information about the Cygwin mailing list