- From: Noah Kantrowitz <
>
- To:
- Subject: [chef] Re: Opscode Upgrade to Embedded Ruby
- Date: Thu, 27 Jun 2013 18:38:06 -0700
On Jun 27, 2013, at 6:32 PM, Tommy Fotak
<
>
wrote:
>
Hi,
>
>
What is the policy of Chef releases with regard to Ruby releases?
>
>
For example there are ruby 1.9.3-p448 and 2.0.0-p247 releases that fix an
>
SSL vulnerability, will Opscode make an 11.4.4 release with a new embedded
>
Ruby?
>
>
Are we better off using the Chef gem in our managed Rubies over the Omnibus?
The relevant bug fix just blocks a potential issue in how Ruby verifies SSL
certificates. Chef sets :verify_none by default, so there is technically no
risk of hitting the bug :-) (the astute reader will note that this is because
there is never any validation)
--Noah
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Archive powered by MHonArc 2.6.16.