Ruby upstream announced that ruby 2.0.0 will no longer receive bugfixes and security updates: https://www.ruby-lang.org/en/news/2016/02/24/support-plan-of-ruby-2-0-0-and-2-1/ In Gentoo right now the default is to use ruby 2.0.0 and 2.1. 2.0 should probably be deprecated soon. (I wasn't sure if I should report this as a security issue, but it's not really a vuln, just the possibilty of future vulns, therefore reporting it as a normal issue and cc-ing security)
The ruby team is aware of the situation. Unfortunately the ruby 2.1 stable efforts have been stalled significantly by some arches. I had hoped we would have been ready by now to switch to ruby 2.1 as our main and only stable ruby target. I guess the best way forward is to start dropping stable keywords for those arches and move forward that way.
Hi, as far as I can see now all archs have at least one stable version of ruby 2.1.x. Also there is a tracker bug for ruby 2.0 deprecation issues (#576034) for which there are no dependent bugs. So it looks like the deprecation of ruby 2.0 can proceed. Is there anything left that needs to be done?
(In reply to Hanno Boeck from comment #2) > Hi, as far as I can see now all archs have at least one stable version of > ruby 2.1.x. Also there is a tracker bug for ruby 2.0 deprecation issues > (#576034) for which there are no dependent bugs. > > So it looks like the deprecation of ruby 2.0 can proceed. Is there anything > left that needs to be done? There is a lot left that needs to be done, unfortunately. All packages that only have ruby20 in USE_RUBY must be gone before we can mask ruby 2.0. For the most part this means that packages need a newer version stable. I've been tracking this but progress on stable bugs is very slow at the moment. I'll upload the current list of packages for reference.
Created attachment 440306 [details] List of ruby20-only packages
Ruby 2.0 has now been masked for removal.