[Rubygems-developers] Reviewing the Tattle Data (was RubyGemsplaform thread)
Daniel.Berger at qwest.com
Thu Apr 26 14:34:15 EDT 2007
Eric Hodel wrote:
> On Apr 25, 2007, at 12:26, Charles Oliver Nutter wrote:
>> Jim Weirich wrote:
>>> (4) Woah ... the prefix data looks a little revealing. Perhaps that
>>> shouldn't be on the download page (i.e. I now know where one
>>> JRuby developer keeps his JRuby installation).
>> I tend to agree with this one. In most data-gathering software it's
>> considered a big no-no to report personally identifiable information.
>> I'm not particularly enthused that the structure of my JRuby path
>> up in there. I'd also say this information is pretty useless to
>> since there's an infinite number of places people might have Ruby
> How exactly is it sensitive? If I'm able to run code on the box I
> can find ruby, via rbconfig.rb or traversing the filesystem. On the
> other hand, if I had a non-ruby vector for getting into your machine,
> I'm sure there's lots of other stuff I'd compromise before I got
> around to messing with your ruby installation.
Little did you know that he's running RubyOS! Finding his Ruby
intepreter would bring down the whole shebang. Literally.
It's a joke people!
More information about the Rubygems-developers