I have build an application. My shared web server is with DreamHost.
The
permitted Rails version is 3.0.3, and permitted Ruby version is 1.8.7.
With this information, when I recently announced here that I had made
some
progress in better utilizing table associations, a member here, Colin
Law,
responded:
“Rails 3.0 is long obsolete and, I believe, no longer receives even
security updates, it should not be used for production applications.”
What are the facts here? Are none of you using Rails 3.x?
Thanks,
Liz McGurty
On Wed, Jun 3, 2015 at 3:11 PM, Elizabeth McGurty [email protected]
wrote:
With this information, when I recently announced here that I had made some
progress in better utilizing table associations, a member here, Colin L.,
responded:
“Rails 3.0 is long obsolete and, I believe, no longer receives even security
updates, it should not be used for production applications.”
What are the facts here?
–
Hassan S. ------------------------ [email protected]
twitter: @hassan
Consulting Availability : Silicon Valley or remote
Support to Rails 3.0 is stopped.You can use Rails 3.2.X
The maintenance policy is documented in this guide:
http://guides.rubyonrails.org/maintenance_policy.html
As you see, 3.0 is unmantained, and so is 3.2 for the most part since it
would get fixes only for severe security issues.
On 3 June 2015 at 23:11, Elizabeth McGurty [email protected] wrote:
I have build an application. My shared web server is with DreamHost. The
permitted Rails version is 3.0.3, and permitted Ruby version is 1.8.7.
I know you said you did not want me to try to help you, but this
apparently tells you how to install a later version of Rails (and
Ruby, since 1.8.7 is also out of support) on Dreamhost.
http://wiki.dreamhost.com/RVM
I cannot personally see any reason to start a new application with
anything other than the latest current version of Rails. I believe
even 3.2.x will go out of support very shortly, though I cannot
immediately find the announcement where I believe I saw that.
Colin
On Wednesday, June 3, 2015 at 11:11:41 PM UTC+1, Elizabeth McGurty
wrote:
What are the facts here? Are none of you using Rails 3.x?
You’ve had some answers about rails, but ruby 1.8.7 is also no longer
receiving security updates from the ruby core team (some linux
distributions are back porting security fixes).
Even if you are stuck on rails 3.0.x, you really don’t want to use 3.0.3
the last in that series was 3.0.20 - you’re missing out on nearly 2.5
years
of bug fixes & security fixes,such as
https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ
https://groups.google.com/forum/#!topic/rubyonrails-security/DCNTNp_qjFM
https://groups.google.com/forum/#!topic/rubyonrails-security/l4L0TEVAz1k
You are almost certainly vulnerable to remote code execution, sql
injection
etc.
Fred
On Thu, Jun 4, 2015 at 9:33 AM, Colin L. [email protected] wrote:
I cannot personally see any reason to start a new application with
anything other than the latest current version of Rails. I believe
even 3.2.x will go out of support very shortly, though I cannot
immediately find the announcement where I believe I saw that.
It is a consequence of the maintenance policy linked above.
Note the guide documents the general rules, and then to ease things says
what the rules mean today in terms of specific version listings. But the
rules are what matters.
3.2 is getting fixes for severe security fixes (not bug fixes, not
regular security fixes for some value of regular), because it is the
last
major release series.
When Rails 5 is out, the last major release series is going to be Rails
4,
so Rails 3.2 is not going get any update of any kind. Frozen.
On 4 June 2015 at 08:49, Xavier N. [email protected] wrote:
On Thu, Jun 4, 2015 at 9:33 AM, Colin L. [email protected] wrote:
I cannot personally see any reason to start a new application with
anything other than the latest current version of Rails. I believe
even 3.2.x will go out of support very shortly, though I cannot
immediately find the announcement where I believe I saw that.
It is a consequence of the maintenance policy linked above.
Yes, you are right, thanks. I had not read it carefully enough.
Cheers
Colin
My site – www.echomarket.org – is humanitarian in purpose, and
non-profit. Which is not to say that it doesn’t deserve the best
environment. I would be more than happy to embrace the most recent
version of Rails. However, I have been constrained by finances at both
the
level of a Rails IDE and my web server (host) provider. When my site
experiences more participation and hopefully corresponding donations,
then
I will look into assuming more expense. However, in the meantime, if
you
are aware of a free or very inexpensive Rails host that is committed to
upgrading with new Rails releases, I would love if you share that
information.
Thanks,
Liz
Obsolete is a relative term. Would you buy a car when there was no way
to obtain replacement parts? As a soldier, I wouldn’t want to go into
battle with WWII equipment…but it is better than using Civil War
equipment.
Rails 3.x was a great version with many improved features but there no
way I would start a new project with 3.0.3.
On Friday, June 5, 2015 at 1:00:37 PM UTC+1, Elizabeth McGurty wrote:
information.
heroku is a good place to start. It can get expensive at the high end
but
they have some free and low cost plans that are great for getting
started.
Fred
Liz,
You need to be aware that there are two components to upgrading a Rails
app.
-
The first and most important part should be done by a seasoned
developer. This happens on their local dev environment. The developer
changes Ruby, Rails and dependent gems and may need to rewrite parts of
your app to ensure it still works. Some gems that your app uses may no
longer be maintained, and your Rails code may be using code that has
been
removed in newer versions. This effort required here is depends on the
age
between your current and destination versions.
-
The second piece is upgrading your hosting environment. Some hosting
platforms make this part super easy, but it’s generally not too
difficult
to accomplish.
If you do 2) before 1) you will most likely have a completely broken
app.
That’s why there is no automatic upgrade path.
*Bottom line: *you need an experienced developer to upgrade your Rails
app.
-Wale
railsfever.com
Thanks… I think you misunderstand. I am just looking for cheap
services,
not to have the work done for me. I have performed successfully many
Ruby
on Rails upgrades… DreamHost, for example, provides as a matter of
policy no support for Ruby on Rails. I set up the environment myself.
And
since 2011, I have deployed three application through DH. Further, I
also
have very significant and highly praised professional experience in
ColdFusion, ASP.Net, PHP, Ruby on Rails.
Liz
Liz, the point above about using RVM (or similar) is that you can
install
in your user account the latest versions of ruby and rails without
issue,
however, being a longish user of Dreamhost myself (although I dont host
‘customer’ websites there myself), because of their lack of official
support for later stuff (last time I looked)
That being said however, you can get a VPS with someone like Digital
Ocean
(or many others) for anywhere from $5 a month upwards, and for a small
traffic site, that is probably more than enough.
If you are not doing ‘devops’ functions (i.e you know how to code in
Ruby/Rails but are not aware of all the nuances of running a server -
patching/upgrades etc), then you may need to learn a few things,
however,
if you want to talk to me off-list I can give you some pointers. Looking
at
Dreamhosts current offfers, you are probably paying more than $5 a month
for the hosting anyway.
Depending on where you want to host (country), you can find lots of very
good offers on www.lowendbox.com, which will give you VPS you
(virtually)
control, so you can install what you need on them for (in most cases)
%5-$10 per month.