On 6 October 2011 06:34, Phillip Gawlowski <cmdjackryan / gmail.com> wrote:
> On Thu, Oct 6, 2011 at 3:19 PM, Regis d'Aubarede
> <regis.aubarede / gmail.com> wrote:
>> or I can do  that at the beginning of my script :
>>
>>    def my_require(gem,pack=nil) require gem
>>    rescue Exception => e
>>      puts "loading #{pack||gem} fromnternet ..."
>>      system("gem install #{pack||gem} --no-ri --no-rdoc") ;
>>      require gem
>>    end
>
> Breaks if the user account doesn't have write permissions to the gem
> installation directory.
>
> Also: Who the hell do you think you are that you think you are allowed
> to futz around with my OS during your script's runtime? What you are
> doing *screams* malware behaviour (connecting to the internet and
> downloading code; nobody can guarantee that you haven't done a
> system("gem sources -a http://malicious.url") somewhere in there).
>
> If you are unable or unwilling to bundle your dependencies into one
> package, that's very much _your_ problem: You can build a custom
> RubyInstaller for Windows and include your dependencies, and for *NIX
> you can create a tarball for distribution that includes your
> dependencies. Heck, the latter works for Windows, too, if you don't
> include native extensions.

If you're worried about malware then I don't see how running someone's
custom installer is any safer than running some script. Arguably, with
the script you at least have a chance to look at what it's doing.