"The ruby1.9.1 in 14.04 LTS is in main and is supported by the Ubuntu
security team for the life of the LTS."

Is the Ubuntu security team providing out-of-band updates for Ruby
1.9.x?  Because if not, it clearly is *not* being supported for the life
of LTS -- 1.9.x is obsolete and isn't receiving security patches from
upstream.  Any security holes will remain holes, unless Canonical plans
to patch them themselves.

(Related: that 1.9.x would be obsolete very shortly into the lifespan of
Trusty was known three months before Trusty was released.
https://www.ruby-lang.org/en/news/2014/01/10/ruby-1-9-3-will-end-on-2015/
Hindsight is 20/20, but making this a don't-fix on top of it having been
a known security vulnerability less than a year into the cycle of an
ostensibly LTS product prior to launch is almost unfathomable.)

The LTS wiki page describes the goals of LTS: limit feature set, so that
maintaining and hardening the feature set that is included can be the
primary criterion for releases.  1.9.x is inherently insecure -- and it
is currently a *requirement* for installing 2.x?  That should be
unacceptable for an LTS build.

Perhaps if 2.x were a revolutionary change that fundamentally broke a
majority (or even a significant minority) of existing code, the argument
could be made -- but that is largely not the case.  2.x has been long
enough, and reviews have come in from all over, to where we know that
remarkably little 1.9.x code required changing at all, let alone any
major revisions.  And on top of that, you have manpower in the comment
thread already that has volunteered to help build that transition.  I'm
happy to throw my name into that hat as well.  I don't see how
won't-fixing this, and not even *considering* its being fixed, can be
seen as in any way compliant with the purpose of an LTS release.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1310292

Title:
  installing `ruby2.0` results in ruby 1.9.3-p484 as default version
