On 08.12.2008 at 19:32, Richard Hurt wrote:
Richard,
I completely agree with your proposal. I am in the process of
packaging Redmine and am at a loss for what to do with current and/or
future GEM dependencies. Debian needs a clear Ruby/Rails
direction and someone to push it forward. Since I have built my
business around Debian and am using Rails quite heavily this is a
fairly important topic for me. :)
Regarding the last statement: me too. :)
On Dec 8, 2008, at 1:23 PM, Richard Laager wrote:
On Sat, 2008-12-06 at 18:17 +0100, Lucas Nussbaum wrote:
Thus, if a gem is installed system-wide via APT/dpkg, it will Just
Work.
However, if you install a gem using "gem install ...", that'll Just
Work. Imagine these scenarios:
...
3. A security bug is found in a gem that Bob is using and Richard wants
to install an even newer, patched version system-wide and have it
override Bob's version.
#3 has a lesser priority for me than the other points. Richard could
send an email announcing the newer version fixing the security bug to
his customers. I think it might create problems for customers'
installations if the hoster can upgrade gems that automatically
override a customer-specific version – you can never be quite sure if
it's 100% compatible and not possibly breaking customers' apps. The
longer I think about it, the more I'm convincing myself that this
looks like a hosting policy issue which should not be solved by
technical means. So Bob would be responsible for the security of gems
he installed himself, whereas he could rely on Richard if he used
system-wide gems.
Best regards,
Christof
--
______________________________________________________________________
gl.aser - software & gestaltung
Riemannstrasse 38 . 04107 Leipzig . Germany
Phone +49.341.303 20 51 . http://gl.aser.de/