Thanks, all, it sounds like a good discussion is happening, and that Martin has some good plans to fix some of these issues.
Some comments below... ludo wrote: > Jyri Virkki wrote: >>> Rails is not installed? Is that really true, that the webstack Ruby >>> support doesn't include Rails? >>> >> >> Rails (or any gem) can be installed via 'gem'. >> >> There was much discussion here on exactly how to deliver packaged >> versions of some popular gems, but the first round delivers only ruby >> & gems. There's future work in the wishlist to explore packaged >> delivery of the most popular gems (like rails). >> I walk into a car dealership and buy a new car. When the car is delivered, it doesn't have doors. I am told that the doors can be easily installed, if that's what I want. To me, getting a Ruby webstack without Rails is like getting a car without doors. It just doesn't make sense, even if it is easy to install. >> > > or we can use/document a setfacl command like we do for other webstack > artifacts that must be editable for a 'webstack' user. > Ludo I think Ludo has hit on a larger point: that a developer in Solaris needs to have many more rights, by default, than they are currently given. I have run into the same access control issues with PostgreSQL, MySQL, and so on. I know this is beyond the scope of this team, but it seems to me that we should have some RBAC roles like 'Ruby Web Developer' and 'AMP Web Developer' (or even a generic 'Developer' role) and give them all the rights they need to be productive. Ideally, I should be prompted to assign these roles as part of creating the initial user when I first install Solaris. There is also the Mac OSX solution, where, every time you try to do something privileged, rather than telling you to go take a hike, it just asks you for the admin password, and you're off. What do you think? I'm still somewhat new to Solaris-land, so perhaps solutions already exist... But IMHO I believe we need to find a good compromise between "secure by default" and "difficult to use by default." Thanks, David >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe at ruby.netbeans.org > For additional commands, e-mail: dev-help at ruby.netbeans.org >
