On 02/16/2013 07:07 AM, Slava Vishnyakov wrote:
> I'd like to ask why is Rails fixing its version, like
> gem 'rails', '3.2.12' ?
> Given the recent attacks on Rails - wouldn't it be more secure to
> not fix the
> version?
> Maybe have something like '~>3.2.12' ?

While I agree, I don't see a valid complaint considering you should be
running bundle outdated yourself a couple of times a week and manually
adjusting your Gemfile, even if it has ~> that is not an excuse not to
manually adjust your versions so that if you have to start with a blank
Gemfile.lock you don't end up with the older version first.

That said, that's just me, I would never update without updating my
Gemfile too. If you really feel like having this issue fixed please file
a ticket at http://github.com/rails/rails/issues/new
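
For readers comparing the two Gemfile styles discussed in this thread, the following added example (not part of either message, and not Rails or Bundler code) uses RubyGems' own `Gem::Requirement` to show which releases an exact pin and a `~>` constraint admit. The list of available versions is a constructed sample, and the helper names `highest_allowed`, `blocked_newer` and `report` are made up for this illustration.

```ruby
require 'rubygems'

# Constructed sample of published versions (an assumption for this example,
# not a real release list).
AVAILABLE = %w[3.2.11 3.2.12 3.2.13 3.3.0].map { |v| Gem::Version.new(v) }

# Highest available version the constraint admits. This models what a
# resolver picks when there is no Gemfile.lock to hold versions back.
def highest_allowed(constraint, available = AVAILABLE)
  req = Gem::Requirement.new(constraint)
  available.select { |v| req.satisfied_by?(v) }.max
end

# Available versions newer than that pick which the constraint refuses,
# i.e. releases (including security fixes) that need a Gemfile edit.
def blocked_newer(constraint, available = AVAILABLE)
  pick = highest_allowed(constraint, available)
  return available.dup if pick.nil?
  available.select { |v| v > pick }
end

# Summary hash for one constraint string.
def report(constraint)
  pick = highest_allowed(constraint)
  { constraint: constraint,
    resolves_to: pick && pick.to_s,
    blocked: blocked_newer(constraint).map(&:to_s) }
end

if __FILE__ == $PROGRAM_NAME
  # Exact pin, patch-level pessimistic, minor-level pessimistic.
  ['3.2.12', '~> 3.2.12', '~> 3.2'].each { |c| p report(c) }
end
```

An existing Gemfile.lock still holds the locked version until `bundle update` is run, so the constraint only decides what an update or a fresh resolve is allowed to pick.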