Hello! While working on a Clojure package that depends on jruby, I noticed it's in pretty bad shape:

1. it FTBFS (#959600)
2. it has a bunch of CVEs (#972230)
3. it doesn't run without declaring a specific env var (#977979)
4. it loads gems from /usr/lib/ruby/vendor_ruby and it probably should not for compatibility reasons (#977981)
5. it should probably be updated to the latest upstream version, as it targets ruby 2.3, which is kinda old and has no security support [1] (#895837)

Being a key package, it hasn't been removed from testing, so people might have not noticed those issues.

Adrian Bunk says a large part of the Java ecosystem seems to transitively depend on jruby, so I guess all those things are Bad™.

Is there someone that could take a look at this package? It's really out of my field of expertise and I don't think I'll be able to help :S

PS: I'm not currently subscribed to this list, so please keep me in CC.

[1]: https://www.ruby-lang.org/en/news/2018/06/20/support-of-ruby-2-2-has-ended/

--
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄