

Ruby’s Vulnerability Handling Debacle - luckystrike
http://www.matasano.com/log/1079/rubys-vulnerability-handling-debacle/

======
Tamerlin
What disappoints me the most is that the RoR maintainers made almost exactly
the same mistake a couple of years ago, trying to keep a security flaw under
wraps rather than being forthright about it.

~~~
jrockway
It's an ego thing. Nobody wants to admit the fact that they made a major
mistake.

I look at it differently, though. It's your fault if you use open-source
software that's insecure. The code is right there; if the vulnerability was
so simple to find and fix, you could have found and fixed it yourself. Since
you didn't do that, you really have no right to deride the developer for also
missing it.

It's easy to play blogger pundit, but harder to write software that people
find useful.

