Why is the Ruby 1.9.3 version so old?

Asked by Ian Dunlop

The version of Ruby 1.9.3 that is in the 12.04 repositories seems to be p0. The latest on https://www.ruby-lang.org/en/downloads/ is p547. Why is the packaged version so out of date? Will the 1.9.3 packages ever be updated?
On a similar note, will the 2.1 packages be backported to 12.04 and if so will they be maintained beyond the initial release?

Question information

Language: English
Status: Solved
For: Ubuntu ruby1.9.1
Assignee: No assignee
Solved by: Manfred Hampl
actionparsnip (andrew-woodhead666) said :
#1

Because 12.04 concentrates on what works and works well. LTS releases very rarely have the latest versions if the gains are small. If there is a significant reason to update a package (security or bug fixes) then it will be updated. Otherwise the package versions will remain as they work.

If you report a bug and the gains are significant, then the package will be updated. You may find a PPA with an updated version too:
https://launchpad.net/ubuntu/+ppas?name_filter=ruby

Ian Dunlop (ianwdunlop) said :
#2

Thanks for the quick response but your answer leaves me with more questions. Why do the versions vary so much between releases? 12.04 has 0, 13.04 has 194, 14.04 has 484. 14.04 is an LTS so it seems that the Ruby version considered stable for it is a lot more recent than the one considered for 12.04. Why do they not have the same version, since 12.04 is in support until 2017 and a lot of servers are running it? Here is an example of a recent security fix which should be a good enough reason to update: https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/ which was in fact packaged for 14.04.

Manfred Hampl (m-hampl) said :
#3

Ubuntu is not a rolling release. That means that usually a package that has been delivered in a certain version at the moment of publication of the Ubuntu release will stay at that version throughout the lifetime of that Ubuntu release. Updates are done only for specific packages (e.g. firefox, thunderbird, java, timezone information, kernels and some more), or if there is a strong need for doing that (e.g. a severe bug). See also https://wiki.ubuntu.com/StableReleaseUpdates

If you think that there is a good reason for updating ruby in precise, please file a bug, stating the fixes that are contained in that higher version, and the benefits that are to be expected.

Best Manfred Hampl (m-hampl) said :
#4

By the way, the security weakness that you mentioned was corrected in the precise version with a patch (without updating to the latest patch level), see also http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4164.html and https://launchpad.net/ubuntu/precise/+source/ruby1.9.1/1.9.3.0-1ubuntu2.8
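Because the fix described in reply #4 arrived as a new package revision rather than a new upstream patch level, a host's status for CVE-2013-4164 is read from the package version string, not from the Ruby patch level. The following is an added example (not from the thread or from Ubuntu) that implements Debian-style version ordering in Python and checks an installed version against 1.9.3.0-1ubuntu2.8, the version linked above; the function names are assumptions made for the illustration.

```python
import re

# Fixed package version for CVE-2013-4164 on precise, from the Launchpad link in reply #4.
FIXED = "1.9.3.0-1ubuntu2.8"

def _is_digit(c):
    return "0" <= c <= "9"

def _order(c):
    """Sort weight of one character: '~' sorts before end of string, letters before symbols."""
    if c == "~":
        return -1
    if c == "" or _is_digit(c):
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    while a or b:
        # Leading non-digit runs are compared character by character.
        while (a and not _is_digit(a[0])) or (b and not _is_digit(b[0])):
            ac, bc = _order(a[:1]), _order(b[:1])
            if ac != bc:
                return -1 if ac < bc else 1
            a, b = a[1:], b[1:]
        # Leading digit runs are compared as integers, so 2.10 sorts after 2.8.
        na, nb = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        ia, ib = int(na or 0), int(nb or 0)
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(na):], b[len(nb):]
    return 0

def compare(a, b):
    """Order two [epoch:]upstream[-revision] version strings; returns -1, 0 or 1."""
    def parse(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, sep, rev = rest.rpartition("-")
        return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "")
    (ea, ua, ra), (eb, ub, rb) = parse(a), parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def has_fix(installed, fixed=FIXED):
    """True when the installed package version is at or after the fixed version."""
    return compare(installed, fixed) >= 0
```

On a live system, `dpkg --compare-versions` performs the same ordering.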

Ian Dunlop (ianwdunlop) said :
#5

Thanks for the answers Manfred. I think the problem I have is trying to reconcile how the Ruby1.9.3 package and ruby-lang.org versions differ. I understand it better now.