Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 17 May 2014 23:52:37 +0900
From:      "Akinori MUSHA" <knu@iDaemons.org>
To:        Steve Wills <swills@freebsd.org>
Cc:        svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject:   Re: svn commit: r354025 - in head/textproc/rubygem-nokogiri: . files
Message-ID:  <86ppjcsbii.knu@iDaemons.org>
In-Reply-To: <20140516154153.GA59733@mouf.net>
References:  <201405140650.s4E6oOMw059963@svn.freebsd.org> <20140516154153.GA59733@mouf.net>

next in thread | previous in thread | raw e-mail | index | archive | help
--pgp-sign-Multipart_Sat_May_17_23:52:33_2014-1
Content-Type: text/plain; charset=US-ASCII

At Fri, 16 May 2014 15:41:57 +0000,
Steve Wills wrote:
> This is not the correct fix. Please see attached. Please use this fix and
> remove rubygem-mini_portile from ports. The mini_portile gem does it's own
> installing of libraries and other things and this is not how we want ports to
> work, IMHO, so we really should avoid having it in port if possible.

Our libxml2 was updated to 2.9.x after the recent security incidents,
but nokogiri does not fully support that version, i.e. some features
do not function properly.  Using textproc/libxml2 worked only by
chance, that is, it was staying still at 2.8.0 while other
OS/distributions had migrated to 2.9.x a long time ago.

I have to point out that libxml2 is notorious for not releasing a new
version even if a critical bug is found, so it's all up to each
distributor as to which set of patches they merge to their package,
investing their time to track the uptream git repository.

Team Nokogiri has suffered so much with this, and concluded that there
is no way but to maintain its own version to avoid dealing with every
single platform dependent arbitrarily patched libxml2 installation.
Nokogiri uses a wide range of libxml2's features, and is thus subject
to be affected by a tiny incompatibility or bug/bug-fix in libxml2.

Starting from 1.6.2, nokogiri explicitly suggests using bundled
libxml2/libxslt that are properly patched for the gem including
security problems instead of using some unknown version provided by
the platform.

Above is all I can tell you on behalf of Team Nokogiri, and if you
still believe it's not correct, not the way FreeBSD ports should take,
that's fine, you can "fix" it on your own, but please do not expect me
to do that against my will.

Hopefully, when nokogiri is finally updated to support libxml2 2.9.1,
and if libxml2 stops neglecting their new releases, then the situation
may change, but I just can't recommend that at the moment.

--
Akinori MUSHA / https://akinori.org/

--pgp-sign-Multipart_Sat_May_17_23:52:33_2014-1
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
Content-Description: OpenPGP Digital Signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEABECAAYFAlN3d7EACgkQkgvvx5/Z4e5HnACgqjLxveqBsFqPe/Oy3K+0tAU2
swAAmwTuEj58tXUyY07RWDfYlGKtlwrX
=yxLV
-----END PGP SIGNATURE-----

--pgp-sign-Multipart_Sat_May_17_23:52:33_2014-1--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ppjcsbii.knu>