Date: Mon, 19 May 2014 22:01:25 +0200 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Steve Wills <swills@freebsd.org> Cc: Akinori MUSHA <knu@iDaemons.org>, svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org Subject: Re: svn commit: r354025 - in head/textproc/rubygem-nokogiri: . files Message-ID: <20140519200125.GA72340@ivaldir.etoilebsd.net> In-Reply-To: <20140519194815.GB31349@mouf.net> References: <201405140650.s4E6oOMw059963@svn.freebsd.org> <20140516154153.GA59733@mouf.net> <86ppjcsbii.knu@iDaemons.org> <20140519013952.GB12777@mouf.net> <86k39itpis.knu@iDaemons.org> <20140519194815.GB31349@mouf.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZGiS0Q5IWpPtfppv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 19, 2014 at 07:48:16PM +0000, Steve Wills wrote: > Hi, >=20 > On Mon, May 19, 2014 at 12:29:15PM +0900, Akinori MUSHA wrote: > > At Mon, 19 May 2014 01:39:52 +0000, > > Steve Wills wrote: > > > > Starting from 1.6.2, nokogiri explicitly suggests using bundled > > > > libxml2/libxslt that are properly patched for the gem including > > > > security problems instead of using some unknown version provided by > > > > the platform. > > > > > > Thanks for the info, I wasn't aware of that. > > > > > > Wouldn't it be better to get the libxml2 from ports updated with the = bug fixes > > > instead of having one buggy version in ports and one non-buggy versio= n bundled > > > with nokogiri? > >=20 > > Libxml2 2.9.x, having had no release for one year and a half, finally > > rolled out a new release at the timing we (the Team Nokogiri) didn't > > expect while we were working on long-term release engineering for > > nokogiri 1.6.2 targetted for a patched libxml2 2.8.0. > >=20 > > We do want to take the time to tackle the new release of libxml2. but > > we currently have to deal with issues reported after 2.9.2, and then > > 2.9.2.1, so it may take at least a couple of weeks before we can start > > working on it. > >=20 > > > Can you please send me the fixes that libxml2 needs? > >=20 > > So far, libxml2 2.9.1 looks like a decent release as it should be, > > because it includes all it had exclusively in their repository, > > including bug fixes and security fixes. > >=20 > > However, it is confirmed that some test cases in nokogiri's test suite > > fail, which we are yet to figure out if it's libxml2 that introduced > > bugs, or nokogiri that had incorrect assumptions about some features > > of libxml2 or XML specifications. In any case, the ball is now on > > nokogiri's side. > >=20 > > One thing for sure is that nokogiri does not currently have a known > > security issue at the moment, and all features covered by the test > > suite should work fine when built with the bundled version of libxml2. > >=20 > > > > Hopefully, when nokogiri is finally updated to support libxml2 2.9.= 1, > > > > and if libxml2 stops neglecting their new releases, then the situat= ion > > > > may change, but I just can't recommend that at the moment. > > > > > > So are you saying nokogiri doesn't build with libxml2 2.9.1? Or doesn= 't work at > > > all with libxml2 2.9.1? Or partially broken? Or is it not supported d= ue to > > > missing fixes, which we could easily add in ports? > >=20 > > It builds with libxml2 2.9.1, but will be partially broken. It is not > > certain if it's a bug of libxml2's side, or if there are other pieces > > of software affected by the incompatibilities introduced by an upgrade > > to 2.9.1. > >=20 > > So, until nokogiri rolls out a new release that claims full support > > for libxml2 2.9.1, I'd recommend using the bundled libraries for the > > moment. I'll let you posted. >=20 > Sorry, missed this mail in my mailer. Thanks for the update. Perhaps we s= hould > create a libxml28 port for use until nokogiri supports libxml 2.9? As much as I want to see everything unbundled in that specific case, I would go into following upstream here, meaning libxml bundle for now and unbundle once it is compatible with 2.9 Creating a libxml28 will be a nightmare to handle with conflicts and so. regards, Bapt --ZGiS0Q5IWpPtfppv Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iEUEARECAAYFAlN6YxUACgkQ8kTtMUmk6ExbAwCWJXAuVFLW1opec4ZKk8SOOBTM /ACggSh+zbRbvX3o7j7brNc0KHg984k= =VnTE -----END PGP SIGNATURE----- --ZGiS0Q5IWpPtfppv--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140519200125.GA72340>