[Mongrel] [ANN] You Will All Die In 1 Week (Mongrel To Require 1.8.6)

Ezra Zygmuntowicz ezmobius at gmail.com
Thu Jun 28 16:13:52 EDT 2007

On Jun 28, 2007, at 1:02 PM, Zed A. Shaw wrote:

> Hopefully that gets everyone's attention.
> Evan Weaver has whined enough to make me do a release to change the  
> requirements on the Mongrel gem so that it doesn't need the  
> cgi_multipart_eof_fix anymore.
> ***************************
> ***************************
> I know Debian guys like to hack things up so that they can keep  
> their users happy, but I have no idea what anyone else is doing.
> In one week I'll release a maintenance version of mongrel that will  
> NOT require cgi_multipart_eof_fix AND __WILL__ require Ruby 1.8.6.
> People who have problems with this better step up and help with  
> testing or coming up with an alternative solution.  As it stands  
> now, either Evan gets to ridicule me for having the fix required in  
> an attempt to protect everyone, or I force everyone to upgrade, or  
> I leave everyone hanging and their applications are all  
> vulnerable.  I'm kind of stuck.
> == What Needs To Happen
> 1) Look at the version number of your Ruby and whether your OS  
> includes the fix already for older versions.  Report this to me if  
> your OS is retarded and is using an vulnerable Ruby.
> 2) Tell me if doing the upgrade will make your entire world  
> implode.  If this means you'll have to actually do an upgrade for  
> once then I guess you better get ready to spend the weekend working.
> 3) If it looks like way too many people are impacted by requiring  
> 1.8.6 then I'll need another solution.
> Thanks for your help folks.


	The only problem with requiring ruby 1.8.6 is that there is no  
production worthy release of 1.8.6 yet. Even the latest patch level  
release from last week has bugs in the new Thread code that are  
resolved in svn but not in any public release yet.

	I know we are still running ruby 1.8.5 and will not run 1.8.6 until  
a real release which fixes the thread deadlock bugs is out. So I urge  
you to wait until 1.8.6 is actually a production worthy release  
before forcing an upgrade on everyone.

	Once 1.8.6 is worthy then I fully support this direction.


-- Ezra Zygmuntowicz 
-- Lead Rails Evangelist
-- ez at engineyard.com
-- Engine Yard, Serious Rails Hosting
-- (866) 518-YARD (9273)

More information about the Mongrel-users mailing list