Eric Hodel wrote: > How exactly is it sensitive? If I'm able to run code on the box I > can find ruby, via rbconfig.rb or traversing the filesystem. On the > other hand, if I had a non-ruby vector for getting into your machine, > I'm sure there's lots of other stuff I'd compromise before I got > around to messing with your ruby installation.
I just don't like personally-identifiable information about my filesystem layout to be published without my knowledge. Someone noisier than me will start causing trouble for that eventually. Sure, it's not a big deal, but it's exactly the kind of thing security folks frown on. Also, how is this information even useful? Is there a good reason to grab and publish the install prefix for every Ruby that tattles? - Charlie _______________________________________________ Rubygems-developers mailing list [email protected] http://rubyforge.org/mailman/listinfo/rubygems-developers
