[Rubygems-developers] Reviewing the Tattle Data (was RubyGems plaform thread)
Eric Hodel
drbrain at segment7.net
Thu Apr 26 14:14:53 EDT 2007
On Apr 25, 2007, at 12:26, Charles Oliver Nutter wrote:
> Jim Weirich wrote:
>> (4) Woah ... the prefix data looks a little revealing. Perhaps that
>> shouldn't be on the download page (i.e. I now know where one
>> prominent
>> JRuby developer keeps his JRuby installation).
>
> I tend to agree with this one. In most data-gathering software it's
> considered a big no-no to report personally identifiable information.
> I'm not particularly enthused that the structure of my JRuby path
> shows
> up in there. I'd also say this information is pretty useless to
> report,
> since there's an infinite number of places people might have Ruby
> installed
How exactly is it sensitive? If I'm able to run code on the box I
can find ruby, via rbconfig.rb or traversing the filesystem. On the
other hand, if I had a non-ruby vector for getting into your machine,
I'm sure there's lots of other stuff I'd compromise before I got
around to messing with your ruby installation.
More information about the Rubygems-developers
mailing list