<snip>
Could you give me a list of packages with problems so I can do the
second part? So the packages in question are: rubygem-actionmailer, rubygem-actionpack, rubygem-activerecord, rubygem-activeresource, rubygem-activesupport, rubygem-rails, rubygem-rack and rubygems. These are relevant bugzillas:
https://bugzilla.redhat.com/show_bug.cgi?id=1115776 https://bugzilla.redhat.com/show_bug.cgi?id=1095129 https://bugzilla.redhat.com/show_bug.cgi?id=1095127 https://bugzilla.redhat.com/show_bug.cgi?id=1095125 https://bugzilla.redhat.com/show_bug.cgi?id=1095122 https://bugzilla.redhat.com/show_bug.cgi?id=1095120 https://bugzilla.redhat.com/show_bug.cgi?id=1095118 https://bugzilla.redhat.com/show_bug.cgi?id=961066 https://bugzilla.redhat.com/show_bug.cgi?id=948706 https://bugzilla.redhat.com/show_bug.cgi?id=924318 https://bugzilla.redhat.com/show_bug.cgi?id=924297 https://bugzilla.redhat.com/show_bug.cgi?id=905374 https://bugzilla.redhat.com/show_bug.cgi?id=905373 https://bugzilla.redhat.com/show_bug.cgi?id=891468 https://bugzilla.redhat.com/show_bug.cgi?id=847202 https://bugzilla.redhat.com/show_bug.cgi?id=843924 https://bugzilla.redhat.com/show_bug.cgi?id=831583 https://bugzilla.redhat.com/show_bug.cgi?id=731453 https://bugzilla.redhat.com/show_bug.cgi?id=731451 https://bugzilla.redhat.com/show_bug.cgi?id=731450 https://bugzilla.redhat.com/show_bug.cgi?id=677629 https://bugzilla.redhat.com/show_bug.cgi?id=1097205 https://bugzilla.redhat.com/show_bug.cgi?id=909088 https://bugzilla.redhat.com/show_bug.cgi?id=814725 https://bugzilla.redhat.com/show_bug.cgi?id=771152 https://bugzilla.redhat.com/show_bug.cgi?id=771151
Looks scary, but it the end it`s just rails, rubygems and rack. All of these are co-maintained with Michael Stahnke, which I have no luck contacting either. There are actually more unfixed vulnerabilities, but I am confident they can be fixed by more active maintainers.
Hey, sorry for not getting some of these updated (you also didn't stay on #fedora-ruby long enough for me to respond). I find that updating many of these breaks API, because ruby library authors are really good at fixing security problems while introducing new issues. Many of them I didn't think I could update in EPEL -- for example moving rails from 2.x to 3.x is a HUGE change.
Rubygems got rolled into ruby upstream - so the old rubygems isn't maintained upstream.
Rack I should fix - they are good at compatibility.
I also welcome any co-maintainers on these items. I used to use these packages lots from EPEL, at my current workplace I don't really.