On 19/03/10 at 01:17 +0900, Rick DeNatale wrote:
> > "Such a minor issue" was the split of many software packages into
> > separate Debian packages, not the split of Ruby. ...
> 
> > Interestingly, we don't get many complaints on the Debian side about
> > that.  The only place where I hear about it is on this list.
> 
> I'm not sure what the antecedent of 'that' in the first sentence in
> the second paragraph is. But I guess it doesn't matter.  Perhaps the
> reason you only hear complaints about the debian packaging of Ruby and
> gems here is that there's a much higher proportion of users here who
> are actually leveraging Ruby in such a way as to have conflicting
> requirements with those of the debian packagers.

That's very true. Note that, on the Debian side, we totally acknowledge
that Rubygems fills a need for some people (Ruby developers who want the
cutting edge software). However, the vision (from a part of the ruby
community) where everybody using Debian/Ubuntu is using apt-get to
install their normal application, but rubygems to install their ruby
applications, is not a realistic one.

> >> > Of course, if you want to install many different Ruby and gems versions,
> >> > and then try to keep them in a sensible state wrt security issues (which
> >> > are not that uncommon in the ruby world), that's your choice.
> >>
> > On 19/03/10 at 00:35 +0900, James Edward Gray II wrote:
> >> You have lost the high ground in the civility argument.
> >
> > Why? What do you disagree with?
> 
> I can't speak for James but perhaps he was reacting to the remark
> about security issues not being uncommon in the ruby world.
> 
> In fact, although there have been security patches to Ruby/Rails etc.,
> they haven't been more frequent than most other OSS software as far as
> I have experienced, and certainly less than software from a certain
> company headquartered in the US Pacific Northwest.  And such security
> patches are generally released quickly.
> 
> In fact having the ability to apply such changes, without having to
> wait for them to be packaged 'downstream' is another advantage to
> allowing 'instability.'

Heh, I never wrote that Ruby is a security nightmare :P There are
security issues in Ruby too, so that's something to take into account
when considering several versions of ruby concurrently and from source.
I agree that the Ruby security history is not particularly bad.
-- 
| Lucas Nussbaum
| lucas / lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
| jabber: lucas / nussbaum.fr             GPG: 1024D/023B3F4F |