[tptacek]

I'm going to go exactly with the grain of all my previous comments here and call you full of it.

Did you read the post? We reported this over a year ago. We notified them repeatedly. We withheld the name of the vendor for over a year as a courtesy. They started with a "soft no", and, when Dave checked in a few months later, they simply ignored our email.

Also: 37Signals has nothing to do with the recent Ruby "controversy" (where by controversy, you mean "someone found security vulnerabilities in it, and some blogger freaked out about it"). 37Signals doesn't produce Ruby; an Open Source team does.

The issue here is that one of 37Signals signature philosophies is "just say no" and be true to your own vision of your product when users request things you don't want to do. Fine. But there's a slippery slope to that logic, and you need to be careful not to fall down it. Some requests that you don't want to do, especially when they come from paying customers, can't be blown off.