I’m finding it hard to stay on top of updates to the 50+ gems/plugins
etc. we are using.
I think there is a need for a single discussion/RSS feed which ONLY
includes notifications for Mandatory upgrades for any Ruby on Rails
associated tools.
Does anyone know if there is something like this, and if not what level
of support is there for creating and using it?
I’m happy to set up a Google group but I can’t admin/moderate it.
but … I don't think a mailing list or feeds are good solutions for
this. Both approaches need an extra effort from developers and for
users.
gem is good enough for this task, using version numbers to indicate
security fixes is what we should do, but for now gem is not smart
enough to do something like this:
$ gem --update --security [gem list / all by default ]
and gem should update all installed gems with only an increment in the
patch number. I mean, if there is a gem called mygem 2.0.0 and mygem
1.2.4, and you have installed mygem 1.2.3, using the security flag gem
should install 1.2.4 instead of 2.0.0 as gem actually does.
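
The selection rule proposed in the reply above, as an added Ruby example that is not part of the original thread and is not RubyGems' own code. It uses the real `Gem::Version` and `Gem::Requirement` classes; the function names `patch_level_update` and `security_update_plan` and the sample gem names and versions are constructed for illustration, and it assumes gem authors ship fixes as patch-number increments.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Highest available version that changes only the patch number of
# `installed`, or nil when no such newer release exists.
def patch_level_update(installed, available)
  current = Gem::Version.new(installed)
  # Pad to three segments so "1.2" is treated as 1.2.0.
  major, minor, patch = (current.release.segments + [0, 0, 0]).first(3)
  # "~> 1.2.3" means >= 1.2.3 and < 1.3.0 (RubyGems pessimistic operator).
  same_series = Gem::Requirement.new("~> #{major}.#{minor}.#{patch}")

  available.map { |v| Gem::Version.new(v) }
           .reject(&:prerelease?) # never move to a pre-release build
           .select { |v| v > current && same_series.satisfied_by?(v) }
           .max
end

# Update plan for a set of installed gems: name => target version string.
# Gems with no newer patch-level release are left out of the plan.
def security_update_plan(installed, index)
  installed.each_with_object({}) do |(name, version), plan|
    target = patch_level_update(version, index.fetch(name, []))
    plan[name] = target.to_s if target
  end
end

# Constructed sample data (hypothetical gems and versions).
INSTALLED = { "mygem" => "1.2.3", "othergem" => "0.9.0", "stable" => "3.1.4" }
INDEX = {
  "mygem"    => %w[1.2.3 1.2.4 1.3.0 2.0.0],
  "othergem" => %w[0.9.0 0.9.1 0.9.2.pre 0.10.0],
  "stable"   => %w[3.1.4 4.0.0]
}

if __FILE__ == $PROGRAM_NAME
  security_update_plan(INSTALLED, INDEX).each do |name, target|
    puts "#{name}: #{INSTALLED[name]} -> #{target}"
  end
end
```

In a Gemfile or gemspec the same bound can be written directly as a `~> 1.2.3` requirement, which lets the resolver accept 1.2.4 and refuse 1.3.0 and 2.0.0.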