On 02/16/2013 07:07 AM, Slava Vishnyakov wrote:

I'd like to ask why is Rails fixing its version, like gem 'rails', '3.2.12' ?
Given the recent attacks on Rails - wouldn't it be more secure to not fix the
version?
Maybe have something like '~>3.2.12' ?

While I agree, I don't see a valid complaint, considering you should be running bundle outdated yourself a couple of times a week and manually adjusting your Gemfile. Even if it has ~>, that is not an excuse not to manually adjust your versions, so that if you have to start with a blank Gemfile.lock you don't end up with the older version first.

That said, that's just me; I would never update without updating my Gemfile too. If you really feel like having this issue fixed, please file a ticket at http://github.com/rails/rails/issues/new
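What the constraint styles discussed in this thread admit, as an added Ruby example that is not part of either poster's message. It uses RubyGems' own Gem::Requirement and Gem::Version; the list of released versions is constructed, the helper names are hypothetical, and the "fresh pick" assumes no other gem restricts the choice.

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement ship with Ruby

# Constructed sample of published versions (not a real release list).
RELEASED = %w[3.2.11 3.2.12 3.2.13 3.2.14 3.3.0 4.0.0].map { |v| Gem::Version.new(v) }

# Versions from `released` that a Gemfile constraint admits, ascending.
def admitted(constraint, released = RELEASED)
  req = Gem::Requirement.new(constraint)
  released.select { |v| req.satisfied_by?(v) }.sort
end

# Highest admitted version: what a resolve with no Gemfile.lock can reach
# when nothing else restricts the choice (simplifying assumption).
def fresh_pick(constraint, released = RELEASED)
  admitted(constraint, released).last
end

# True if the constraint lets in a later release of the same major.minor
# series (a patch release) without anyone editing the Gemfile.
def picks_up_patches?(constraint, current, released = RELEASED)
  cur = Gem::Version.new(current)
  admitted(constraint, released).any? do |v|
    v > cur && v.segments[0, 2] == cur.segments[0, 2]
  end
end

if __FILE__ == $PROGRAM_NAME
  ['3.2.12', '~> 3.2.12', '~> 3.2', '>= 3.2.12'].each do |c|
    puts format('%-11s admits %-38s fresh pick %s',
                c, admitted(c).join(', '), fresh_pick(c))
  end
end
```

An exact pin admits only 3.2.12, `~> 3.2.12` stays inside the 3.2 series, and `~> 3.2` or `>=` can also cross into a new minor or major release.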
