RubyForge project and gem distribution

James Britt

Austin said:
Toronto is still EST, but it's reasonably cheap and easy to get to.
Plus, I live here :)

Well, there ya go.

New York City is fairly close. Before I moved out West I took a trip to
Toronto. Short hop. Great place. Hockey Hall of Fame.

Stopped off once, too, on a trip from Phoenix to Munich (which is where
I'm headed right after this upcoming RubyConf).

I'd vote for Toronto as a conference spot.


James
 
Dmitry V. Sabanin

Release the file like you would any file (in the Files tab). RubyForge
picks them up and puts them in the repo, and they are (within an hour for
now) available for remote download.

Richard, aside from all that RubyGems security/design flaws flame, I want to thank you and Tom
for that feature. I'm releasing a third Gem via RubyForge, and it's really a time-saving thingy.
Thanks guys, great job.
 
David Ross

Richard, aside from all that RubyGems security/design
flaws flame, I want to thank you and Tom
for that feature. I'm releasing a third Gem via
RubyForge, and it's really a time-saving thingy.
Thanks guys, great job.

Flame? no critique, you don't care about your
security. I do. There's a difference. Easiness over
security is a bad design. Someone is going to end up
making an example. I just hope nothing happens as bad
as ruby-lang.org crack attack.

----------------------------------
-- Name: David Ross
-- Phone: 865.539.3798
-- Email: drossruby [at] yahoo.com
----------------------------------




 
Dmitry V. Sabanin

Flame? no critique, you don't care about your
security. I do. There's a difference. Easiness over
security is a bad design. Someone is going to end up
making an example. I just hope nothing happens as bad
as ruby-lang.org crack attack.

Oh, sorry.. I do care. But the fact that I care means that I prefer to check
the code I use by myself. AFAIK, RubyGems is not auto-updating packages
from net without my control, so I always have a choice to install package or not.

<flame>
P.S. I'm not going to discuss this, this thread reminds me of an old argument of
proprietary software fans that's always used against open source.
If you think that RubyGems, RPA or Ruby offends security of your server,
just rm -Rf it.
Anyway, the most secure server is the one without network interface and even so,
someone can throw it out of the window.
</flame>

Let's stop this thread. I've mailed Rich to say thank you and you came here with
the same things that you already said a zillion times before.
 
Francis Hwang

David Ross said:
People who download shouldn't have to be cautious as
to look at the code. It should be up to someone else.

A remarkable statement, that. Life would be a lot easier if all sorts
of things were up to somebody else, but that's not how life works.

Why can't programmers be responsible for the stuff they download?
Nobody's holding a gun to your head forcing you to install a library
as root.

Francis
 
Alexander Kellett

A remarkable statement, that. Life would be a lot easier if all sorts
of things were up to somebody else, but that's not how life works.

Why can't programmers be responsible for the stuff they download?
Nobody's holding a gun to your head forcing you to install a library
as root.

oh come on.
stop being stupid please people.
this is just pathetic.

Alex
 
Hal Fulton

Francis said:
A remarkable statement, that. Life would be a lot easier if all sorts
of things were up to somebody else, but that's not how life works.

Why can't programmers be responsible for the stuff they download?
Nobody's holding a gun to your head forcing you to install a library
as root.

Thank you, Francis. A quite sensible reply.

Hal
 
James Britt

Hal said:
Thank you, Francis. A quite sensible reply.

Yes. I might add that, the more someone tells me that I should be happy
to let someone else look after my best interests, the more suspicious I
become of them.

So, I'd like to thank Mr. Ross for reminding me that people who
download must be cautious, and look at the code. It cannot be up to
someone else.

James
 
David Ross

Yes. I might add that, the more someone tells me
that I should be happy
to let someone else look after my best interests,
the more suspicious I
become of them.

Wow, you must be suspicious of all developers then,
they all look after your best interest. ;)

Actually, it's not really a matter to be suspicious
about. It's just a way to let someone else maintain and
deal with crap. I have seen quite a few very
improperly coded ruby libraries out there. One of the
steps in Batsman's next near phase is to get a QA
team. Examining code, giving rating on how it might be
improperly coded.

A very good example of bad ruby code would be
Raimo(AIM library). No offense, but the college kid
who wrote it can't code worth a damn :). I was shocked
when I read the code, I was even more shocked to know
that the author of raimbo ( aim raim bot using raimo )
just copied the code. (raimo) There were ';'s after
each line, there was some spaghetti code. It was
*horrible*. This is the type of QA besides 'security'
that needs to be handled.

So, I'd like to thank Mr. Ross for reminding me that people who
download must be cautious, and look at the code. It cannot be up to
someone else.

I have to disagree, other people seem to do well
looking at other code. Debian's QA team does a good
job of backporting (updated patches etc) the debian
packages. So, it can be left up to someone else. This
is the best way, like it or not.


------------------------------------
-- Name: David Ross
-- Phone: 865.539.3798
-- Email: dross [at] yahoo [dot] com
------------------------------------



 
Richard Lyman

A very good example of bad ruby code would be
Raimo(AIM library). No offense, but the college kid
who wrote it can't code worth a damn :). I was shocked
when I read the code, I was even more shocked to know
that the author of raimbo ( aim raim bot using raimo )
just copied the code. (raimo) There were ';'s after
each line, there was some spaghetti code. It was
*horrible*.

Mr. Ross,

Based solely on your treatment of others in this thread of emails
alone, I would intentionally not use anything from any
packaging/delivery system if you happened to be on an approval
committee for it or even somehow involved in the approval system.

It's sad to see someone like you taint this community with your
inability to be socially graceful. I've always appreciated the fact
that there are many here who willingly and respectfully help others
through the process of growing into who they can become.

There's always a gentle and non-inflammatory way of getting a point across.

While you might have a point, and I might even have agreed to it,
your insensitive methods of delivery have left a bad taste in my mouth
that has soured any valid point of view you might have had.

Maybe you could bring more change about by being a bit... nicer.

While you might find offense in what I have said I did not mean any.

Do you happen to have ... non-horrible code that I can look at to
help me in my process of growth?

I wasn't able to find any entries on the RAA for 'David Ross', and
Rubyforge had you as project admin for rubycc, but I couldn't find any
source code to look at.

Hoping for respectful help,
-Rich
 
David Ross

Based solely on your treatment of others in this thread of emails
alone, I would intentionally not use anything from any
packaging/delivery system if you happened to be on an approval
committee for it or even somehow involved in the approval system.

I happen to be right on many points, it would be a
great loss for you and others not to use rpa just
because I recommended ideas on what past package
managers failed in the past, how they could have been
better, and help him with improving existing user to
rpa experience.

It's sad to see someone like you taint this community with your
inability to be socially graceful. I've always appreciated the fact
that there are many here who willingly and respectfully help others
through the process of growing into who they can become.

I am aware of my socializing problem :/ I am not nice
to people over the net for some reason, however I am
nice in person. You are right I could be nicer in my
mails, I could say "horrible" in nicer words. I think
I answered that previous email without thinking how
awful I was calling the raimo and raimbo code.

There's always a gentle and non-inflammatory way of getting a point across.

Yes there is I know :)

While you might have a point, and I might even have agreed to it,
your insensitive methods of delivery have left a bad taste in my mouth
that has soured any valid point of view you might have had.

I wouldn't say ideas get soured. More like it's more
difficult for people to believe me like in.. the boy
who cried wolf?

Maybe you could bring more change about by being a bit... nicer.

I know, I have had past problems with the way I talk
to people.

While you might find offense in what I have said I did not mean any.

Do you happen to have ... non-horrible code that I can look at to
help me in my process of growth?

errr, like?

I wasn't able to find any entries on the RAA for 'David Ross', and
Rubyforge had you as project admin for rubycc, but I couldn't find any
source code to look at.

I really need to change the project name :) I have
been reading into using a compiler. TenDRA has many
nice points. I am sure it could be less difficult to
straight compile code.

Hoping for respectful help,
-Rich

----------------------------------------
-- Name: David Ross
-- Phone: 865.539.3798
-- Email: drossruby [at] yahoo [dot] com
----------------------------------------



 
David Ross

Okay, dig through my bad grammar. I need to learn how
to reply before my 0300 tea.

I happen to be right on many points, it would be a
great loss for you and others not to use rpa just
because I recommended ideas on what past package
managers failed in the past, how they could have been
better, and help him with improving existing user to
rpa experience.

(* /me stabs the English language a bit)

I am aware of my socializing problem :/ I am not nice
to people over the net for some reason, however I am
nice in person. You are right I could be nicer in my
mails, I could say "horrible" in nicer words. I think
I answered that previous email without thinking how
awful I was calling the raimo and raimbo code.

I wouldn't say ideas get soured. More like it's more
difficult for people to believe me like in.. the boy
who cried wolf?

(* /me stabs a bit more for using ..)

I really need to change the project name :) I have
been reading into using a compiler. TenDRA has many
nice points. I am sure it could be less difficult to
straight compile code.

(* /me stabs self with smiley)

----------------------------------------
-- Name: David Ross
-- Phone: 865.539.3798
-- Email: drossruby [at] yahoo [dot] com
----------------------------------------



 
Nicholas Van Weerdenburg

A town that produced Jim Carrey and Mike Myers has got to be fun
(shameless plug- I grew up there).

Good theatre district too- sort of a New York Lite.

And don't forget the tallest freestanding structure in the world- the CN
Tower. And Niagara Falls is only 90 minutes away. And if you ever wanted
to see a football game with only 3 downs, the CFL is your game :).

Nick
 
Nicholas Van Weerdenburg

I can't agree with that. That's exactly how life works. Progress and
civilization are based on relying on other people to do most of the
work. That lets us focus on more interesting, complex, beneficial and
novel problems. Technological advancement is based on automation and
simplification.

The logistics of programmers having to review all or any significant
amount of the code they download is overwhelming. A trust mechanism is
an absolute necessity for any non-trivial software, whether distributed
as a binary file or source. That trust mechanism can be informal-
indeed, the ruby community provides that somewhat. You know who people
are after a while, and there are enough eyes looking and information
flowing to offer a certain level of security.

I already spend too much of my time sleep deprived to have to do
security audits of the library code I download (rake, ruby gems itself,
DBI, and so on). And, you'd have to do it for each release. Plus, you'd
need a PKI identity infrastructure, certificates, etc. as who's to say
you'd find a clever trojan or virus buried in 50 000 lines of ruby code
from a non-trivial library.

"People who download shouldn't have to be cautious as
to look at the code. It should be up to someone else."

To me, this is an essential truth, similar to the fact that I shouldn't
have to know how an internal combustion engine works to drive a car.
Simplification and abstraction- whether in technology or security- is what
got us down from the trees, so to speak.

Now what is workable is another story. I'm fond of informal implicit
security where possible. This list, RubyForge, and the general Ruby
Zeitgeist provide a fairly good amount of comfort. I haven't worried
about downloading and installing Rake or Iowa because of that. However,
having an extra bit of energy in this area does seem to be a good idea.

Regards,
Nick
 
