
I don't mean you any offense, but your response is the kind that makes the entire Ruby community look very bad.

It is perfectly normal for responsible software developers, system administrators and business leaders to get angry or upset by security vulnerabilities. The impact such vulnerabilities can have on an organization is staggering.

When they're exploited, there can be huge sums of money lost. There can be serious legal ramifications. A company's reputation can be destroyed by a single incident. And those are just a few of the consequences.

Even when these vulnerabilities aren't exploited, there are still significant costs associated with fixing them, testing such fixes, deploying the fixes, and so forth.

Software is supposed to bring benefits to its users, not problems and costs. Costly problems with software will make many people angry.

Ruby, Ruby on Rails and some related software have had a very bad time lately. They have caused a lot of problems for a lot of people, and this has indeed resulted in anger and wasted money. Some people are making a sensible decision to look toward alternative technologies, to try to minimize their losses.

Instead of labeling such people as "trolls", the Ruby community as a whole needs to engage in some significant self-evaluation. Try to understand why people are expressing what they are, and perhaps even try to learn from what they're saying. Security is important, and the Ruby community needs to learn this fact.




Er, I'm sure this is true, and I'm no Rails fanboy (indeed I've never even used Rails, and haven't written more than 10 lines of Ruby in my life), but the grand-parent poster really does come off as a troll or someone with an axe to grind.

He's vague and inflammatory, and avoids technical details in favor of generically insulting language ("the 'IT security' team describes ruby culture as immature"), apparently more aimed at denigrating a particular community than clarifying any issues or solutions. Much of what he writes is borderline absurd ["Rewriting in python and PHP"... really? PHP is their choice for a better-"engineered" replacement?!]

Everybody sometimes writes vague and snarky posts, but doing so repeatedly is a warning sign...


If Ruby has had a bad time lately, then surely PHP has had a bad decade? It just seems odd to jump out of the frying pan and into the fire, is all.


I was less confused by his claim that the Ruby community isn't security oriented (or whatever) than by the fact that they decided to switch to PHP, which has a much, much worse track record.



