2010/9/9 Yusuke ENDOH <mame / tsg.ne.jp>:
> 2010/9/9 Ryan Davis <ryand-ruby / zenspider.com>:
>>>  3) advantage for the core team: they do not have to do a security
>>>     release if stdlib has a security issue, because "gem update"
>>>     can be used.
>>
>> I think FreeBSD + ports is a good model here. I see it as
>>
>>    ruby + core libs : ruby stdlib :: freebsd distro : freebsd ports
>>
>> When a security announcement is released for freebsd itself, they usually
>> provide a workaround + patch that you can apply immediately and then you
>> can follow up with an official update. When a security announcement is
>> released for a port, you can update the ports tree and update that port
>> independent of a freebsd release.
>
> Interesting.  The two announcements for freebsd itself and a port
> are released at once, right?  Otherwise it leads to a zero-day
> attack.
>
> The release manager must release not only a full release but also
> push new gems, at once.  This is "Cons 1" I said.

Separation of FreeBSD ports and pkgsrc is from the dependency on
external libraries.
http://www.freebsd.org/cgi/cvsweb.cgi/ports/lang/ruby18/
http://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/lang/ruby18/README.html

-- 
NARUSE, Yui
naruse / airemix.jp