[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Ruby 1.8.7-p71 / 1.8.6-p286 released (Security Fix

Urabe Shyouhei

8/8/2008 3:01:00 AM

At last.

Sorry to have kept you waiting so long. Here we release latest Ruby
1.8.7 / 1.8.6 series. I believe they are stable enough.
We also announce that we have fixed several vulnerabilities in them.
Please take a look at the following URL for details.

http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilitie...

Released tarballes are available at:

ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p...
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p2...
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8....
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-...
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p...
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8...

And checksums:

MD5(ruby-1.8.6-p286.tar.gz)= 797ea136fe43e4286c9362ee4516674e
SHA256(ruby-1.8.6-p286.tar.gz)= 1774de918b156c360843c1b68690f5f57532ee48ff079d4d05c51dace8d523ed
SIZE(ruby-1.8.6-p286.tar.gz)= 4590373

MD5(ruby-1.8.6-p286.tar.bz2)= e6b6bf8f34370e433936adb7a7065e63
SHA256(ruby-1.8.6-p286.tar.bz2)= d800552900e1157bbeaae39a4c253683b2444820a5d1ba0a207a13cc469168b7
SIZE(ruby-1.8.6-p286.tar.bz2)= 3957979

MD5(ruby-1.8.6-p286.zip)= 49b8f8108eab839470c7bdc3aed19fbc
SHA256(ruby-1.8.6-p286.zip)= 7fbe51d1800385e9d11270fc3d7a2230af56b540956fd5f690ed0f050db321cc
SIZE(ruby-1.8.6-p286.zip)= 5606110

MD5(ruby-1.8.7-p71.tar.gz)= 721741d1e0785a0b6b9fb07d55184908
SHA256(ruby-1.8.7-p71.tar.gz)= 30ec4298e9ac186a2fe1a94362919ba805538252b707f3aadae1938429269c1a
SIZE(ruby-1.8.7-p71.tar.gz)= 4805478

MD5(ruby-1.8.7-p71.tar.bz2)= e23dd0dd619585df07acc1e3735ab5c7
SHA256(ruby-1.8.7-p71.tar.bz2)= ce74802744b9dfcd77bdd365a1543d050a56d9b366ed5e7a9bf2df25028fd411
SIZE(ruby-1.8.7-p71.tar.bz2)= 4127519

MD5(ruby-1.8.7-p71.zip)= b6f8337d1fb4f0646cc40be876e3b321
SHA256(ruby-1.8.7-p71.zip)= 6fc836f0e58442a0e128910ad9959c3e9814912b5ad8e48c279a04ed77e5a8f2
SIZE(ruby-1.8.7-p71.zip)= 5855760
12 Answers

Peña, Botp

8/8/2008 3:09:00 AM

0

From: Urabe Shyouhei [mailto:shyouhei@ruby-lang.org]
# ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-...

Hi Urabe, i just updated to the the latest snapshot ftp://ftp.ruby-lang.org/pub/ruby/stable-snaps....
Are they same?

thanks for the updates.
kind regards -botp

Urabe Shyouhei

8/8/2008 3:27:00 AM

0

Hello.

Pena, Botp wrote:
> From: Urabe Shyouhei [mailto:shyouhei@ruby-lang.org]
> # ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-...
>
> Hi Urabe, i just updated to the the latest snapshot ftp://ftp.ruby-lang.org/pub/ruby/stable-snaps....
> Are they same?
>

No, that snapshot is for ruby_1_8 branch (future 1.8.8), which is not
always stable. 1.8.7-p71 is for bugfixes only.

Peña, Botp

8/8/2008 3:33:00 AM

0

From: Urabe Shyouhei [mailto:shyouhei@ruby-lang.org]
# Pena, Botp wrote:
# > From: Urabe Shyouhei [mailto:shyouhei@ruby-lang.org]
# > # ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-...
# >
# > Hi Urabe, i just updated to the the latest snapshot
# ftp://ftp.ruby-lang.org/pub/ruby/stable-snaps....
# > Are they same?
# >
#
# No, that snapshot is for ruby_1_8 branch (future 1.8.8), which is not
# always stable. 1.8.7-p71 is for bugfixes only.

ouch, i thought wrong for so a long time, i was thinking otherwise since it had the infix "stable" on it. Btw, why name it "stable-snapshot"?

kind regards -botp

Urabe Shyouhei

8/8/2008 3:43:00 AM

0

Pena, Botp wrote:
> ouch, i thought wrong for so a long time, i was thinking otherwise since it had the infix "stable" on it. Btw, why name it "stable-snapshot"?
>

For some historical reasons where ruby_1_8 once was a "stable" branch in
the last century. It has been divided into more stable part versus
on-the-edge ruby_1_8 for several years. Snapshots are generated using
scripts and it seems that script is not updated to track "real" stables.
I suspect it is because we now have multiple stables, i.e. ruby 1.8.6
and 1.8.7.

Peña, Botp

8/8/2008 6:03:00 AM

0

From: Urabe Shyouhei [mailto:shyouhei@ruby-lang.org]
# For some historical reasons where ruby_1_8 once was a
# "stable" branch in
# the last century. It has been divided into more stable part versus
# on-the-edge ruby_1_8 for several years. Snapshots are generated using
# scripts and it seems that script is not updated to track
# "real" stables.
# I suspect it is because we now have multiple stables, i.e. ruby 1.8.6
# and 1.8.7.

thank you very much Urabe for the information/clarification.

kind regards -botp

Brian Brian

8/8/2008 4:24:00 PM

0

How can a patch be considered "released" without the Windows binaries
being made available? Is compiling the Ruby source code for Windows
difficult? If so, what's the hangup? Binaries for all platforms should
be available before any "patch" announcement is made.
--
Posted via http://www.ruby-....

James Britt

8/8/2008 6:45:00 PM

0

Brian Andrews wrote:
> How can a patch be considered "released" without the Windows binaries
> being made available? Is compiling the Ruby source code for Windows
> difficult? If so, what's the hangup? Binaries for all platforms should
> be available before any "patch" announcement is made.

Why?

People with a strong interest in a particular platform need to make sure
they can build on their platform of choice, and not expect some unpaid
volunteer to do it for them.

Besides, to wait to release *fixed* code until binaries for *all*
platforms are offered is, in fact, bonkers.

A release is source code; anything else is icing on the cake.

--
James Britt

www.happycamperstudios.com - Wicked Cool Coding
www.jamesbritt.com - Playing with Better Toys
www.ruby-doc.org - Ruby Help & Documentation
www.rubystuff.com - The Ruby Store for Ruby Stuff

Brian Brian

8/8/2008 7:15:00 PM

0

So Joe Developer should download the Ruby source code, fire up his C
compiler of choice, compile his own version of Ruby, and start building
and release software using his custom compiled version of Ruby?!

If there are 20,000 Ruby developers on the Windows platform, you are
suggesting that 20,000 potentially different compiled versions of the
Ruby binaries is acceptable?! To me, that's bonkers.

Why does this ftp site even exist
ftp://ftp.ruby-lang.org/pub/ruby/binarie... Isn't it where the
Ruby maintainers release the "officially" compiled Windows binaries? If
not, what's it for then? And why can't the latest patch be compiled and
made available upon announcement?

--
Posted via http://www.ruby-....

Urabe Shyouhei

8/9/2008 2:36:00 AM

0

Brian Andrews wrote:
> How can a patch be considered "released" without the Windows binaries
> being made available? Is compiling the Ruby source code for Windows
> difficult? If so, what's the hangup? Binaries for all platforms should
> be available before any "patch" announcement is made.
>

Ruby has never been officially released as binaries. It was always
released as source code. Waiting binaries for all platforms is simply
impossible; can you compile ruby binaries for HP-UX on Itanium? or for
AIX on POWER5?

James Britt

8/9/2008 4:34:00 AM

0

Brian Andrews wrote:
> So Joe Developer should download the Ruby source code, fire up his C
> compiler of choice, compile his own version of Ruby, and start building
> and release software using his custom compiled version of Ruby?!

If they like. It's open-source.

The reality (not the straw man) is that *some* people do take time out
of their lives to make such binaries available to others. It's called
"doing a favor."

>
> If there are 20,000 Ruby developers on the Windows platform, you are
> suggesting that 20,000 potentially different compiled versions of the
> Ruby binaries is acceptable?! To me, that's bonkers.

Don't use what you don't want or don't trust. Be glad for the choices
that are their. There *are* people who look for differently compiled
versions, and typically thank the people who provide them.

>
> Why does this ftp site even exist
> ftp://ftp.ruby-lang.org/pub/ruby/binarie... Isn't it where the
> Ruby maintainers release the "officially" compiled Windows binaries? If
> not, what's it for then? And why can't the latest patch be compiled and
> made available upon announcement?
>

Feel free to do so. It would be much appreciated.

The "Ruby maintainers" are, by and large, just regular folks who step up
to help out when they see something missing. But feel free to denigrate
their efforts.



--
James Britt

www.happycamperstudios.com - Wicked Cool Coding
www.jamesbritt.com - Playing with Better Toys
www.ruby-doc.org - Ruby Help & Documentation
www.rubystuff.com - The Ruby Store for Ruby Stuff