Fix fdset memory leak #586
Feb 10, 2015
@indirect a memory leak that will take out your server at 3AM in the morning while you are sleeping is arguably just as important as a security flaw, perhaps even more.
It's a tough call to make, but I think "security only" should be a policy that should have a bit of movement for cases such as this, especially since it is so hard to diagnose.
@SamSaffron well, that's why it's my recommendation rather than my demand. :)
More seriously, it's a tradeoff. Some people are apparently using this version without any problems, and those people will have their ability to develop or deploy arbitrarily broken by a yank. Other people have a potential problem of a memory leak taking down their app servers. I have no idea which group of people is bigger or more important, but my general advice is (and has been) to not yank and ask people to upgrade instead, in order to reduce breakage.
@indirect I totally get where you are getting at.
The thing that is really hurting our ecosystem is that there is no way of communicating this kind of stuff outside of yanking.
Sure, Aman can tweet about it, but at best it will reach a fraction of the users. The homepage here could be updated but really nobody is going to the readme for news on a regular basis; when you are lugging around 200 dependencies it's just not practical to subscribe to every stream of information.
What we really need is a way to be able to simply flag a gem as "problematic", then next "bundle install" can output