On 1/14/07, John C. Bland II <[EMAIL PROTECTED]> wrote:
> Ruby is a programming language (from the 90's or so) that was used a lot as
> an alternative to perl server scripts. A few years back a framework was
> built that gave RoR tons of publicity. I think some of the shine came off
> when they had a gaping security hole in which they demanded that people
> upgrade to the latest revision (was kinda funny the way they approached it).
> In 2 or 3 days they pushed out like 2 or 3 patches. Regardless of that it is
> still a very lightweight, fast, and speedy (to dev' in) language/framework.

That's a bizarre piece of FUD. It's like saying "I think some of the
shine came off ColdFusion when that ToysRUs site performed so poorly"
or "Now that Adobe/Macromedia/whoever owns CF it's doomed" etc. Or all
the FUD about poorly written PHP/CF/whatever apps that are vulnerable
to cross-site scripting attacks and/or SQL injection (heck, even
*gMail* has had a significant security issue if you feel like your
contact list should be private).

For anyone who cares about the details surrounding this particular issue,
it's summarized here:
http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure

I'll also point out that the Rails folks can't *force* anyone to
upgrade -- what they did was refuse to point out the specific problem
or release demo code of the exploit until people had a chance to
patch, but since the project is open source and the SVN repository is
publicly available, it's easy enough to run a diff and see what
changed.

I'd suggest that the whole process in general was a good example of
the *point* of open source -- major problem was identified, code was
*quickly* patched to prevent problem, other problems were identified,
and code was patched again, not to mention that the community feedback
on the process was incorporated into the way future incidents are/were
handled.

-- 
John Paul Ashenfelter
CTO/Transitionpoint
(blog) http://www.ashenfelter.com
(email) [EMAIL PROTECTED]

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:266687