Hello

There is actually another big third_party component that is currently
shipped together with ruby package - rubygems.

Rubygems is developed as a project [1] separately from ruby. Once in a
while ruby developers check-in rubygems into their source tree [2].
And up until now we used ruby's version of rubygems.

The issue is that rubygems keeps getting releases that are never
integrated into ruby releases. For example rubygems 2.7.6 has a number
of security bugfixes and it was not merged into ruby 2.5 branch.

I am going to split 'rubygems' package from 'ruby' and bring
'rubygems' up-to-date. 'ruby' will have a dependency to 'rubygems'
thus update does *not* require installing 'rubygems' separately.


[1] https://github.com/rubygems/rubygems
[2] https://github.com/ruby/ruby/tree/trunk/lib/rubygems
[3] 
https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183

Reply via email to