Mongrel users - Jun 2007 - You Will All Die In 1 Week (Mongrel To Require 1.8.6)

Hopefully that gets everyone''s attention.

Evan Weaver has whined enough to make me do a release to change the requirements
on the Mongrel gem so that it doesn''t need the cgi_multipart_eof_fix
anymore.

***************************
THIS ALSO MEANS THAT MONGREL WILL HAVE TO REQUIRE RUBY 1.8.6 OR GREATER!  NO
EXCEPTIONS!
***************************

I know Debian guys like to hack things up so that they can keep their users
happy, but I have no idea what anyone else is doing.

In one week I''ll release a maintenance version of mongrel that will NOT
require cgi_multipart_eof_fix AND __WILL__ require Ruby 1.8.6.

People who have problems with this better step up and help with testing or
coming up with an alternative solution.  As it stands now, either Evan gets to
ridicule me for having the fix required in an attempt to protect everyone, or I
force everyone to upgrade, or I leave everyone hanging and their applications
are all vulnerable.  I''m kind of stuck.

== What Needs To Happen

1) Look at the version number of your Ruby and whether your OS includes the fix
already for older versions.  Report this to me if your OS is retarded and is
using an vulnerable Ruby.
2) Tell me if doing the upgrade will make your entire world implode.  If this
means you''ll have to actually do an upgrade for once then I guess you
better get ready to spend the weekend working.
3) If it looks like way too many people are impacted by requiring 1.8.6 then
I''ll need another solution.

Thanks for your help folks.

-- 
Zed A. Shaw
- Hate: http://savingtheinternetwithhate.com/
- Good: http://www.zedshaw.com/
- Evil: http://yearofevil.com/

> 2) Tell me if
> doing the upgrade will make your entire world implode.  
This will make my world implode as I''m dependent on Ruby 1.8.5. Ruby 
1.8.6 has some bugs that effect most of my projects.

With Ruby 1.8.6 you have a lot of problems with continuous integration 
tools as Ruby 1.8.6 returns a wrong return code on test runs with 
test/unit. Further 1.8.6 changes some Date functions that break my code. 
Some of this is fixed in the trunk but AFAIK not all in the latest patch 
release.

So, please do not make Mongrel dependent on Ruby 1.8.6.
> 
> Thanks for your help folks.
> 
Jonathan

-- 
Jonathan Weiss
http://blog.innerewut.de

On Jun 28, 2007, at 1:02 PM, Zed A. Shaw wrote:
> Hopefully that gets everyone''s attention.
>
> Evan Weaver has whined enough to make me do a release to change the  
> requirements on the Mongrel gem so that it doesn''t need the  
> cgi_multipart_eof_fix anymore.
>
> ***************************
> THIS ALSO MEANS THAT MONGREL WILL HAVE TO REQUIRE RUBY 1.8.6 OR  
> GREATER!  NO EXCEPTIONS!
> ***************************
>
> I know Debian guys like to hack things up so that they can keep  
> their users happy, but I have no idea what anyone else is doing.
>
> In one week I''ll release a maintenance version of mongrel that
will
> NOT require cgi_multipart_eof_fix AND __WILL__ require Ruby 1.8.6.
>
> People who have problems with this better step up and help with  
> testing or coming up with an alternative solution.  As it stands  
> now, either Evan gets to ridicule me for having the fix required in  
> an attempt to protect everyone, or I force everyone to upgrade, or  
> I leave everyone hanging and their applications are all  
> vulnerable.  I''m kind of stuck.
>
> == What Needs To Happen
>
> 1) Look at the version number of your Ruby and whether your OS  
> includes the fix already for older versions.  Report this to me if  
> your OS is retarded and is using an vulnerable Ruby.
> 2) Tell me if doing the upgrade will make your entire world  
> implode.  If this means you''ll have to actually do an upgrade for
> once then I guess you better get ready to spend the weekend working.
> 3) If it looks like way too many people are impacted by requiring  
> 1.8.6 then I''ll need another solution.
>
> Thanks for your help folks.

Zed-

	The only problem with requiring ruby 1.8.6 is that there is no  
production worthy release of 1.8.6 yet. Even the latest patch level  
release from last week has bugs in the new Thread code that are  
resolved in svn but not in any public release yet.

	I know we are still running ruby 1.8.5 and will not run 1.8.6 until  
a real release which fixes the thread deadlock bugs is out. So I urge  
you to wait until 1.8.6 is actually a production worthy release  
before forcing an upgrade on everyone.

	Once 1.8.6 is worthy then I fully support this direction.

Thanks

-- Ezra Zygmuntowicz 
-- Lead Rails Evangelist
-- ez at engineyard.com
-- Engine Yard, Serious Rails Hosting
-- (866) 518-YARD (9273)

Hi, Zed,

As far as mainstream Linux distros go, 1.8.6 is too bleeding edge.
Practically none of them has it. I''m talking about (in no particular
order):
  * RedHat Enterprise Linux 4 and 5,
  * CentOS 4 and 5,
  * Fedora Core 6 (FC7 has Ruby 1.8.6 p36 by now)
  * Debian Sarge and Etch
  * Ubuntu 6 and 7 (Edgy and Feisty)

As Ezra just pointed out, the latest 1.8.6 tag has some interesting
threading problems.

--
Alex Verkhovsky
RubyWorks

On Thu, 28 Jun 2007 13:13:52 -0700
Ezra Zygmuntowicz <ezmobius at gmail.com> wrote:
> 
> On Jun 28, 2007, at 1:02 PM, Zed A. Shaw wrote:
> 
> > Hopefully that gets everyone''s attention.
> >
> > Evan Weaver has whined enough to make me do a release to change the  
> > requirements on the Mongrel gem so that it doesn''t need the  
> > cgi_multipart_eof_fix anymore.
> 	The only problem with requiring ruby 1.8.6 is that there is no  
> production worthy release of 1.8.6 yet. Even the latest patch level  
> release from last week has bugs in the new Thread code that are  
> resolved in svn but not in any public release yet.
Awesome!  That''s the exact answer I need from someone who''s
actually doing real stuff.

So, 1.8.6 isn''t viable, that means this cgi fix needs a more official
standing so that it''s maintained.  Evan''s doing it in his
project but maybe a more official ruby-core-is-lazy-hot-fixes project?

Thanks a ton Ezra.

-- 
Zed A. Shaw
- Hate: http://savingtheinternetwithhate.com/
- Good: http://www.zedshaw.com/
- Evil: http://yearofevil.com/

On Thu, 28 Jun 2007 22:12:03 +0200
Jonathan Weiss <jw at innerewut.de> wrote:
> With Ruby 1.8.6 you have a lot of problems with continuous integration 
> tools as Ruby 1.8.6 returns a wrong return code on test runs with 
> test/unit. Further 1.8.6 changes some Date functions that break my code. 
> Some of this is fixed in the trunk but AFAIK not all in the latest patch 
> release.
What?  That''s lame.  You can''t be serious.  Even more reasons
why I can''t require 1.8.6.  Great!  Just needed that little debate
settled.

-- 
Zed A. Shaw
- Hate: http://savingtheinternetwithhate.com/
- Good: http://www.zedshaw.com/
- Evil: http://yearofevil.com/

On 6/28/07, Zed A. Shaw <zedshaw at zedshaw.com>
wrote:
> > With Ruby 1.8.6 you have a lot of problems with continuous integration
> What?  That''s lame.
This was fixed in p36, so not an issue anymore.
--
Alex

On Jun 28, 2007, at 4:02 PM, Zed A. Shaw wrote:
> Hopefully that gets everyone''s attention.
Yeah, I wondered if the incessant spammers on the RoR list had  
finally made it here.  And also their subject lines were getting  
better at fitting in.

-faisal