Any Ruby developers here

Story: RubyGems is compromisedTotal Replies: 2
Author Content
tracyanne

Jan 31, 2013
4:41 AM EDT 		Any Ruby developers here
djohnston

Jan 31, 2013
8:29 AM EDT 		Heise has just published this: Rubygems site recovers from compromise.
number6x

Jan 31, 2013
8:45 AM EDT 		Yes.

Gems are software packages in ruby. Like using CPAN in Perl or using .deb's in debian.

I make sure to freeze my gems in production code, specifying the exact gem release. For example, I would require a gem called 'foo' to be at release 2.1.2, the release I tested and developed with.

You can specify a exact release, or you can specify that your code should require a release with a different measurement like greater than or equal to. 



source 'http://rubygems.org' 
# gems set to an exact release number:
gem 'foo', '2.1.2'
gem 'bar', '1.3.3'

# use any version of this gem that is greater than or equal to the specified number:
gem "baz",  ">=1.0"

# use any version of this gem that is greater than or equal to the specified number, 
# but don't go above the next major release number. 
# This will update to anything from 2.1 to 2.9.9, but will not go 3.x or above:
gem "qux",  "~>2.1"


In production code I always specify the exact release. I don't want my code to automagically update without being tested first. You never know what could break.

Thanks for the heads up. This came across all the user group feeds I get as well.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!