On 8/9/06, Malcolm Tredinnick <[EMAIL PROTECTED]> wrote:
> I'm not completely sure I agree with the way the Ruby team are handling
> this release, but since I don't know the details yet, I can't really
> work out what is happening; they may have very good justification for
> the way they are doing it, or they may just be slightly shell-shocked.

Dave Thomas, who is heavily involved with Ruby yet not Rails-core, and who I think has very good judgement, thinks the issue is severe enough that they're doing the right thing to let people hear and upgrade before full disclosure.

> something that is essentially pre-release for mission-critical work, you
> are implicitly taking on the responsibility of watching carefully for
> things like this.

True, but Rails had lots of buzz and has -lots- of prod systems. Of the 2 people I talked to with prod rails systems, neither had heard of this 3 hours after the posting. I only knew because of luck on prog.reddit.

Security is freaking hard.

You received this message because you are subscribed to the Google Groups "Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/django-developers