Hi All,
Yesterday I ran into a bug, and it got me wondering about the Debian
policy on patch-level releases for ruby.
We're using Bookworm, so the ruby3.1 package is currently 3.1.2-7+deb12u1
https://packages.debian.org/bookworm/ruby3.1
The bug that I ran into was fixed in ruby 3.1.3, namely:
https://bugs.ruby-lang.org/issues/18673
Ruby 3.1.3 was released in November 2022, so I was surprised that the
bugfix wasn't included in the Debian ruby3.1 package yet.
So I'm wondering, what's the general policy for handling ruby patch
releases in Debian? Is it a case of, we would like to be shipping all
patch releases (3.1.6 is the latest for 3.1) but we haven't done it yet?
Or is 3.1.2 set in stone for bookworm? Or are some patches (e.g. CVEs)
backported to 3.1.2 but other patches aren't? Or something else?
I've had a good dig around for any guidance or policy on this topic,
without any success so far. Before I go any further I thought I should
ask here first.
Thanks,
Andy
