Any Ruby developers here

Story: RubyGems is compromised
Total Replies: 2
tracyanne

Jan 31, 2013
4:41 AM EDT
Any Ruby developers here
djohnston

Jan 31, 2013
8:29 AM EDT
Heise has just published this: Rubygems site recovers from compromise.
number6x

Jan 31, 2013
8:45 AM EDT
Yes.

Gems are software packages in Ruby, like using CPAN in Perl or .debs in Debian.

I make sure to freeze my gems in production code, specifying the exact gem release. For example, I would require a gem called 'foo' to be at release 2.1.2, the release I tested and developed with.

You can specify an exact release, or you can specify that your code should require a release with a different measurement, like greater than or equal to.



source 'http://rubygems.org'

# gems set to an exact release number:
gem 'foo', '2.1.2'
gem 'bar', '1.3.3'

# use any version of this gem that is greater than or equal to the specified number:
gem "baz", ">=1.0"

# use any version of this gem that is greater than or equal to the specified number,
# but don't go above the next major release number.
# This will update to anything from 2.1 to 2.9.9, but will not go 3.x or above:
gem "qux", "~>2.1"


In production code I always specify the exact release. I don't want my code to automagically update without being tested first. You never know what could break.

Thanks for the heads up. This came across all the user group feeds I get as well.
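As an added example that is not part of this thread: the script below audits a Gemfile for the pinning practice number6x describes. It uses Gem::Requirement (the class RubyGems itself uses to interpret "2.1.2", ">=1.0" and "~>2.1") to flag every gem that is not locked to one exact release, and shows which of a constructed list of releases each requirement would admit. The Gemfile text, the gem names and the release lists are constructed for the example; the line parser is a minimal hypothetical one, not Bundler's real Gemfile DSL.

```ruby
require 'rubygems' # Gem::Requirement and Gem::Version ship with Ruby

# Constructed sample Gemfile, modelled on the one in the post above, plus one
# gem declared with no version requirement at all.
SAMPLE_GEMFILE = <<~GEMFILE
  source 'http://rubygems.org'

  # gems set to an exact release number:
  gem 'foo', '2.1.2'
  gem 'bar', '1.3.3'

  # any version greater than or equal to the specified number:
  gem "baz", ">=1.0"

  # stay within the 2.x series (pessimistic operator):
  gem "qux", "~>2.1"

  # no requirement at all: whatever the resolver picks
  gem 'quux'
GEMFILE

# Releases assumed to exist on the gem server (constructed for the example).
AVAILABLE = {
  'foo'  => %w[2.1.1 2.1.2 2.1.3],
  'bar'  => %w[1.3.3 1.4.0],
  'baz'  => %w[0.9 1.0 1.5 2.0],
  'qux'  => %w[2.0 2.1 2.9.9 3.0],
  'quux' => %w[0.1 0.2],
}.freeze

GemDecl = Struct.new(:name, :requirement)

# Minimal hypothetical parser for `gem 'name', 'req', ...` lines. A real
# Gemfile is Ruby code (groups, git sources, options); this only handles
# quoted string literals and treats a missing requirement as ">= 0".
def parse_gemfile(text)
  text.each_line.map do |line|
    code = line.sub(/#.*/, '').strip      # drop trailing comments
    next unless code.start_with?('gem ')
    literals = code.scan(/['"]([^'"]*)['"]/).flatten
    name = literals.shift
    reqs = literals.empty? ? ['>= 0'] : literals
    GemDecl.new(name, Gem::Requirement.new(reqs))
  end.compact
end

# An exact pin is a single "=" requirement; a bare version string such as
# '2.1.2' is parsed by RubyGems as "= 2.1.2".
def exactly_pinned?(requirement)
  ops = requirement.requirements.map(&:first)
  ops == ['=']
end

# Which of the known releases would this declaration allow the resolver to
# install? Anything beyond one entry is an untested update waiting to happen.
def admissible_versions(decl, available = AVAILABLE)
  available.fetch(decl.name, []).select do |v|
    decl.requirement.satisfied_by?(Gem::Version.new(v))
  end
end

def audit(text, available = AVAILABLE)
  parse_gemfile(text).map do |decl|
    {
      name: decl.name,
      requirement: decl.requirement.to_s,
      pinned: exactly_pinned?(decl.requirement),
      admissible: admissible_versions(decl, available),
    }
  end
end

if $PROGRAM_NAME == __FILE__
  audit(SAMPLE_GEMFILE).each do |row|
    status = row[:pinned] ? 'pinned  ' : 'FLOATING'
    puts format('%-8s %-6s %-8s admits: %s', status, row[:name],
                row[:requirement], row[:admissible].join(', '))
  end
end
```

Run against the sample, foo and bar report as pinned with exactly one admissible release, baz and quux float across every release at or above their floor, and qux shows the pessimistic operator at work: 2.1 and 2.9.9 are admitted, 2.0 and 3.0 are not. Treating any FLOATING row as a finding is the point of the exercise; a compromised or typosquatted release of a floating dependency is installed without anyone having tested it.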
