by davesmylie 5420 days ago
This is exactly what I've been doing since the start of this year - though not for security, but for reliability. I just feel more comfortable knowing that all my developers will be running the exact same specified version of the gems as everybody else.

The big downside to this is that by missing out on the small incremental updates, when you do decide to update (or are forced to), then the chances of something breaking are pretty high as you suddenly leap up 27 versions of the gem. (Which of course makes you want to upgrade less often, which just makes the problem worse =)

I really hadn't thought too much about the security implications of the Gems - this is definitely something I'll need to start considering...
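As an added illustration of the drift problem described in the comment (example code, not from the commenter): the script below parses a constructed Gemfile.lock fragment, pulls out the exact pins, and compares them against a constructed list of current versions so a team can see how far behind each pinned gem has fallen before the big jump becomes forced. The lockfile text and the `LATEST` table are both assumptions built for this example.

```ruby
# Added example: report how far pinned gems in a Gemfile.lock have drifted
# from a reference list of current versions. Both inputs are constructed.
require "rubygems"  # provides Gem::Version for proper version comparison

# Constructed Gemfile.lock fragment, in the layout Bundler writes.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.2.1)
      rails (3.0.0)
        rack (>= 1.2.1)
      nokogiri (1.4.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (= 3.0.0)
LOCK

# Constructed "current version" table a team would maintain or fetch.
LATEST = { "rack" => "1.2.8", "rails" => "3.0.20", "nokogiri" => "1.4.4" }

# Extract exact pins from the specs block: lines indented by exactly four
# spaces of the form "name (x.y.z)". Deeper-indented lines are dependency
# constraints of another gem, not pins, so they are skipped.
def pinned_versions(lock_text)
  pins = {}
  in_specs = false
  lock_text.each_line do |line|
    in_specs = true if line.strip == "specs:"
    in_specs = false if line.strip.empty?
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      pins[m[1]] = m[2]
    end
  end
  pins
end

# Return gems pinned below the reference version as name => [pinned, current].
def stale_gems(pins, latest)
  pins.each_with_object({}) do |(name, ver), out|
    ref = latest[name] or next
    out[name] = [ver, ref] if Gem::Version.new(ver) < Gem::Version.new(ref)
  end
end

if __FILE__ == $PROGRAM_NAME
  stale_gems(pinned_versions(LOCKFILE), LATEST).each do |name, (pinned, ref)|
    puts "#{name}: pinned #{pinned}, current #{ref}"
  end
end
```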