[Rubygems-developers] Reviewing the Tattle Data (was RubyGems plaform thread)

Eric Hodel drbrain at segment7.net
Thu Apr 26 14:14:53 EDT 2007


On Apr 25, 2007, at 12:26, Charles Oliver Nutter wrote:
> Jim Weirich wrote:
>> (4) Woah ... the prefix data looks a little revealing.  Perhaps that
>> shouldn't be on the download page (i.e. I now know where one  
>> prominent
>> JRuby developer keeps his JRuby installation).
>
> I tend to agree with this one. In most data-gathering software it's
> considered a big no-no to report personally identifiable information.
> I'm not particularly enthused that the structure of my JRuby path  
> shows
> up in there. I'd also say this information is pretty useless to  
> report,
> since there's an infinite number of places people might have Ruby  
> installed

How exactly is it sensitive?  If I'm able to run code on the box I  
can find ruby, via rbconfig.rb or traversing the filesystem.  On the  
other hand, if I had a non-ruby vector for getting into your machine,  
I'm sure there's lots of other stuff I'd compromise before I got  
around to messing with your ruby installation.


More information about the Rubygems-developers mailing list