On Apr 26, 2007, at 11:29, Charles Oliver Nutter wrote: > Eric Hodel wrote: >> How exactly is it sensitive? If I'm able to run code on the box I >> can find ruby, via rbconfig.rb or traversing the filesystem. On the >> other hand, if I had a non-ruby vector for getting into your machine, >> I'm sure there's lots of other stuff I'd compromise before I got >> around to messing with your ruby installation. > > I just don't like personally-identifiable information about my > filesystem layout to be published without my knowledge. Someone > noisier > than me will start causing trouble for that eventually. Sure, it's > not a > big deal, but it's exactly the kind of thing security folks frown on. > Also, how is this information even useful? Is there a good reason to > grab and publish the install prefix for every Ruby that tattles?
$ tattle -h Usage: tattle report # Print config data without sending tattle post # Post config data (this is the default) _______________________________________________ Rubygems-developers mailing list [email protected] http://rubyforge.org/mailman/listinfo/rubygems-developers
