Hi Paul, On Wed, 19 May 2021 22:12:59 +0200 Paul Gevers <elb...@debian.org> wrote: > This new rails version renewed its versioned dependency on ruby-marcel. > The new ruby-marcel version doesn't look like a targeted fix, so it > doesn't fit the freeze policy. If I read the changelog correctly, this > dependency is there to give rails a more relaxed license. I think such a > change is not really needed at this stage of the freeze, does rails > still work with the old version of ruby-marcel and can the version bump > be reverted?
Apologies, I missed (naturally because it wasn't copied) the conversation on this bug prior to opening an unblock request for both. Whilst I agree that ruby-marcel isn't really a targeted fix, I believe the bump was necessary to maintain sanity with future bug-fix releases of rails. I've been trying to maintain rails from sid (back to jessie), ensuring that the CVEs are at least timely fixed. During that course, I've hit a lot of bumps because of the version gaps, et al, so in this release I wanted rails to be at par with its supported bug-fix only release (that is, the 6.0.3.x branch). 6.0.3.6 brings in an unusual change by bumping ruby-marcel to 1.0.0. But after a lot of testing, sanity checking, et al, I found that the changes in marcel are a no-op, that is, it doesn't really affect how marcel was before and it is now. Marcel wanted to drop mimemagic dependency and so they introduced a Magic class (Marcel::Magic) for mime type detection. I know that it doesn't go along with the freeze policy atm, but I also believe that it's not really something that'd actually cause problems. IIUC, the bump doesn't really affect much but just does things differently internally. So is this edge case worth giving an exception along those lines? The bump shall yield nothing but (really) help in providing support to rails for the next couple of years in/for bullseye (at least while it's still supported). Let me know what you think? Thanks! - u
