

The state of Django and Ruby on Rails - one year later - fallenhitokiri
http://screamingatmyscreen.com/2013/8/the-state-of-django-and-ruby-on-rails-one-year-later/

======
bhauer
Great writeup, fallenhitokiri. A shame it didn't see more upvotes when you
posted it to get some attention on the home page.

~~~
fallenhitokiri
Thanks :) Even if it didn't make it onto the front page, I already received two mails
from "just starting out developers" who found it useful, so I'm satisfied :)

------
targusman
I might not like Django, but its security is 100x better than Rails. Django
fixes stuff right away, and doesn't have any stupid Yaml.load() bullshit.

~~~
fallenhitokiri
I'm not sure if Django's YAML serializer was affected by this bug, but Tastypie
did (IIRC) use `load` instead of `safe_load` and suffered the exact same issue,
e.g.

You could argue that, no matter how prominent a library is, it does not
reflect the actual framework. While this is true, people could start arguing
that Rails doesn't really have an admin interface, and this would change the
comparison I did.

