Ohad Levy wrote:
> Maybe it's time to ping David to upgrade rails... ?

I don't think that's likely to happen in EPEL, or even within a
released version of Fedora (though only the soon to be EOL Fedora 10
has rails < 2.2.2).

In just the past month or so, a security bug in ActiveSupport was
fixed by updating from 2.3.2 to 2.3.3 and this exposed a problem in
that rails apps hardcode the version by default (why they do this, I
don't think I want to know ;).
There was much discussion of this in the bug report, starting around:
https://bugzilla.redhat.com/show_bug.cgi?id=520843
In the end, the update was reverted to not break backwards
compatibility on released versions. I would suspect the same argument
holds for not updating the ActiveRecord package in Fedora and EPEL?
If so, I think it would mean that bumping the required version to
2.2.2 prevents us from pushing 0.25.1 to EPEL. :/ But maybe David or
others know differently -- I surely don't know the rails stack well.
But I can understand the pickle that trying to support older versions
puts everyone in. (I do wish that the rails folks wouldn't make
things so ...interesting.)
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Going to trial with a lawyer who considers your whole life-style a
Crime in Progress is not a happy prospect.
-- Hunter S. Thompson
