[Rubygems-developers] Reviewing the Tattle Data (was RubyGemsplaform thread)

Daniel Berger Daniel.Berger at qwest.com
Thu Apr 26 14:34:15 EDT 2007


Eric Hodel wrote:
> On Apr 25, 2007, at 12:26, Charles Oliver Nutter wrote:
>> Jim Weirich wrote:
>>> (4) Woah ... the prefix data looks a little revealing.  Perhaps that
>>> shouldn't be on the download page (i.e. I now know where one  
>>> prominent
>>> JRuby developer keeps his JRuby installation).
>> I tend to agree with this one. In most data-gathering software it's
>> considered a big no-no to report personally identifiable information.
>> I'm not particularly enthused that the structure of my JRuby path  
>> shows
>> up in there. I'd also say this information is pretty useless to  
>> report,
>> since there's an infinite number of places people might have Ruby  
>> installed
> 
> How exactly is it sensitive?  If I'm able to run code on the box I  
> can find ruby, via rbconfig.rb or traversing the filesystem.  On the  
> other hand, if I had a non-ruby vector for getting into your machine,  
> I'm sure there's lots of other stuff I'd compromise before I got  
> around to messing with your ruby installation.

Little did you know that he's running RubyOS! Finding his Ruby 
intepreter would bring down the whole shebang. Literally.

It's a joke people!

Dan



More information about the Rubygems-developers mailing list