Zed A. Shaw
2007-Jun-28 20:02 UTC
[Mongrel] [ANN] You Will All Die In 1 Week (Mongrel To Require 1.8.6)
Hopefully that gets everyone''s attention. Evan Weaver has whined enough to make me do a release to change the requirements on the Mongrel gem so that it doesn''t need the cgi_multipart_eof_fix anymore. *************************** THIS ALSO MEANS THAT MONGREL WILL HAVE TO REQUIRE RUBY 1.8.6 OR GREATER! NO EXCEPTIONS! *************************** I know Debian guys like to hack things up so that they can keep their users happy, but I have no idea what anyone else is doing. In one week I''ll release a maintenance version of mongrel that will NOT require cgi_multipart_eof_fix AND __WILL__ require Ruby 1.8.6. People who have problems with this better step up and help with testing or coming up with an alternative solution. As it stands now, either Evan gets to ridicule me for having the fix required in an attempt to protect everyone, or I force everyone to upgrade, or I leave everyone hanging and their applications are all vulnerable. I''m kind of stuck. == What Needs To Happen 1) Look at the version number of your Ruby and whether your OS includes the fix already for older versions. Report this to me if your OS is retarded and is using an vulnerable Ruby. 2) Tell me if doing the upgrade will make your entire world implode. If this means you''ll have to actually do an upgrade for once then I guess you better get ready to spend the weekend working. 3) If it looks like way too many people are impacted by requiring 1.8.6 then I''ll need another solution. Thanks for your help folks. -- Zed A. Shaw - Hate: http://savingtheinternetwithhate.com/ - Good: http://www.zedshaw.com/ - Evil: http://yearofevil.com/
Jonathan Weiss
2007-Jun-28 20:12 UTC
[Mongrel] [ANN] You Will All Die In 1 Week (Mongrel To Require 1.8.6)
> 2) Tell me if > doing the upgrade will make your entire world implode.This will make my world implode as I''m dependent on Ruby 1.8.5. Ruby 1.8.6 has some bugs that effect most of my projects. With Ruby 1.8.6 you have a lot of problems with continuous integration tools as Ruby 1.8.6 returns a wrong return code on test runs with test/unit. Further 1.8.6 changes some Date functions that break my code. Some of this is fixed in the trunk but AFAIK not all in the latest patch release. So, please do not make Mongrel dependent on Ruby 1.8.6.> > Thanks for your help folks. >Jonathan -- Jonathan Weiss http://blog.innerewut.de
Ezra Zygmuntowicz
2007-Jun-28 20:13 UTC
[Mongrel] [ANN] You Will All Die In 1 Week (Mongrel To Require 1.8.6)
On Jun 28, 2007, at 1:02 PM, Zed A. Shaw wrote:> Hopefully that gets everyone''s attention. > > Evan Weaver has whined enough to make me do a release to change the > requirements on the Mongrel gem so that it doesn''t need the > cgi_multipart_eof_fix anymore. > > *************************** > THIS ALSO MEANS THAT MONGREL WILL HAVE TO REQUIRE RUBY 1.8.6 OR > GREATER! NO EXCEPTIONS! > *************************** > > I know Debian guys like to hack things up so that they can keep > their users happy, but I have no idea what anyone else is doing. > > In one week I''ll release a maintenance version of mongrel that will > NOT require cgi_multipart_eof_fix AND __WILL__ require Ruby 1.8.6. > > People who have problems with this better step up and help with > testing or coming up with an alternative solution. As it stands > now, either Evan gets to ridicule me for having the fix required in > an attempt to protect everyone, or I force everyone to upgrade, or > I leave everyone hanging and their applications are all > vulnerable. I''m kind of stuck. > > == What Needs To Happen > > 1) Look at the version number of your Ruby and whether your OS > includes the fix already for older versions. Report this to me if > your OS is retarded and is using an vulnerable Ruby. > 2) Tell me if doing the upgrade will make your entire world > implode. If this means you''ll have to actually do an upgrade for > once then I guess you better get ready to spend the weekend working. > 3) If it looks like way too many people are impacted by requiring > 1.8.6 then I''ll need another solution. > > Thanks for your help folks.Zed- The only problem with requiring ruby 1.8.6 is that there is no production worthy release of 1.8.6 yet. Even the latest patch level release from last week has bugs in the new Thread code that are resolved in svn but not in any public release yet. I know we are still running ruby 1.8.5 and will not run 1.8.6 until a real release which fixes the thread deadlock bugs is out. So I urge you to wait until 1.8.6 is actually a production worthy release before forcing an upgrade on everyone. Once 1.8.6 is worthy then I fully support this direction. Thanks -- Ezra Zygmuntowicz -- Lead Rails Evangelist -- ez at engineyard.com -- Engine Yard, Serious Rails Hosting -- (866) 518-YARD (9273)
Alexey Verkhovsky
2007-Jun-28 20:17 UTC
[Mongrel] [ANN] You Will All Die In 1 Week (Mongrel To Require 1.8.6)
Hi, Zed, As far as mainstream Linux distros go, 1.8.6 is too bleeding edge. Practically none of them has it. I''m talking about (in no particular order): * RedHat Enterprise Linux 4 and 5, * CentOS 4 and 5, * Fedora Core 6 (FC7 has Ruby 1.8.6 p36 by now) * Debian Sarge and Etch * Ubuntu 6 and 7 (Edgy and Feisty) As Ezra just pointed out, the latest 1.8.6 tag has some interesting threading problems. -- Alex Verkhovsky RubyWorks
Zed A. Shaw
2007-Jun-28 20:24 UTC
[Mongrel] [ANN] You Will All Die In 1 Week (Mongrel To Require 1.8.6)
On Thu, 28 Jun 2007 13:13:52 -0700 Ezra Zygmuntowicz <ezmobius at gmail.com> wrote:> > On Jun 28, 2007, at 1:02 PM, Zed A. Shaw wrote: > > > Hopefully that gets everyone''s attention. > > > > Evan Weaver has whined enough to make me do a release to change the > > requirements on the Mongrel gem so that it doesn''t need the > > cgi_multipart_eof_fix anymore.> The only problem with requiring ruby 1.8.6 is that there is no > production worthy release of 1.8.6 yet. Even the latest patch level > release from last week has bugs in the new Thread code that are > resolved in svn but not in any public release yet.Awesome! That''s the exact answer I need from someone who''s actually doing real stuff. So, 1.8.6 isn''t viable, that means this cgi fix needs a more official standing so that it''s maintained. Evan''s doing it in his project but maybe a more official ruby-core-is-lazy-hot-fixes project? Thanks a ton Ezra. -- Zed A. Shaw - Hate: http://savingtheinternetwithhate.com/ - Good: http://www.zedshaw.com/ - Evil: http://yearofevil.com/
Zed A. Shaw
2007-Jun-28 20:27 UTC
[Mongrel] [ANN] You Will All Die In 1 Week (Mongrel To Require 1.8.6)
On Thu, 28 Jun 2007 22:12:03 +0200 Jonathan Weiss <jw at innerewut.de> wrote:> With Ruby 1.8.6 you have a lot of problems with continuous integration > tools as Ruby 1.8.6 returns a wrong return code on test runs with > test/unit. Further 1.8.6 changes some Date functions that break my code. > Some of this is fixed in the trunk but AFAIK not all in the latest patch > release.What? That''s lame. You can''t be serious. Even more reasons why I can''t require 1.8.6. Great! Just needed that little debate settled. -- Zed A. Shaw - Hate: http://savingtheinternetwithhate.com/ - Good: http://www.zedshaw.com/ - Evil: http://yearofevil.com/
Alexey Verkhovsky
2007-Jun-28 20:28 UTC
[Mongrel] [ANN] You Will All Die In 1 Week (Mongrel To Require 1.8.6)
On 6/28/07, Zed A. Shaw <zedshaw at zedshaw.com> wrote:> > With Ruby 1.8.6 you have a lot of problems with continuous integration > What? That''s lame.This was fixed in p36, so not an issue anymore. -- Alex
Faisal N Jawdat
2007-Jun-29 00:17 UTC
[Mongrel] [ANN] You Will All Die In 1 Week (Mongrel To Require 1.8.6)
On Jun 28, 2007, at 4:02 PM, Zed A. Shaw wrote:> Hopefully that gets everyone''s attention.Yeah, I wondered if the incessant spammers on the RoR list had finally made it here. And also their subject lines were getting better at fitting in. -faisal