On Jun 13, 2012, at 6:35 PM, Frederick Cheung <frederick.che...@gmail.com> wrote:
> > > On Jun 13, 5:36 am, Rick Bychowski <wrink...@gmail.com> wrote: >> I am evaluating an application that runs on RoR 2.3.5. What are the >> liabilities of an application that is based on this older version of RoR? I >> am concerned about security and ease of development. How common is this in >> the Rails world? >> > > The latest version of 2.3.x is 2.3.14 or so. This should be easy to > update to and includes security updates if I remember correctly. > 2.3.x is no longer receiving updates (security or otherwise) and a lot > of the popular libraries / plugins are dropping support for 2.3 and > moving to 3.x only. The 2.3 to 3.x migration can > be quite a bit of work Hi, I'm the maintainer of an open source app that is still on 2.3.5 (http://kete.net.nz). As time progresses it definitely becomes more difficult and being behind becomes a form of technical debt, but that isn't the whole picture. If your codebase is large, upgrades of the underlying version of Rails can be non-trivial. For quite awhile versions of 2.3.x above 2.3.5 changed pretty rapidly. It seemed to be a fairly bumpy road. The obstacles to upgrading are specific to your code. Something that is not a big deal for others may stop you from proceeding. It really depends. You have to weigh the value upgrading will give you (erasing some forms of technical debt, new features, etc.) vs the effort necessary to upgrade and its side effects (destabilizing your codebase). It also hinges on resources available and priorities. Time spent upgrading that may not have benefits that are visible to a paying client is not spent on features that delivers obvious value. In other words you may have to expend more effort even justifying the work to upgrade. At the same time, Rails has been fairly good over the long haul about providing tools for 'freezing' an application's environment. Often you can simply stick with what is already working. So yeah, not ideal, but it's only part of the picture. Does the application give you the features you need? Is the codebase active? What's the developer community like? How's the documentation? You get the idea. Cheers, Walter -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
