On Sun, 2012-07-15 at 12:37 +0200, Jonas Smedegaard wrote:
> Correct, Diaspora is written in Rails, which unfortunately is similarly
> worrisome as PHP: even if (arguably) the underlying Ruby language has
> saner coding style and community habits, Ruby on Rails tends to focus on
> rapidly mashing things together rather than caring about security.

I work in a programming languages research group, and while I'm not on any of the teams that work on Ruby, I do know that my advisors and colleagues hold Ruby on Rails in much higher esteem than they do PHP. While they wouldn't have a job if there weren't language-level problems in the Rails framework that they could fix (and sometimes, security-related problems), it is *much* better than PHP.

Rapidly mashing things together isn't inherently bad; a good language and environment should generally keep you from doing bad things. Further, I'm not convinced that spending lots of time dutifully stroking one's beard and "caring about security" is actually correlated with fewer security bugs, compared to having decent separation of concerns and seeing security as more of a framework property than an application property.

--
Sent from Ubuntu
_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
