From: iainspeed@...
Date: 2014-12-08T13:40:01+00:00
Subject: [ruby-core:66744] [ruby-trunk - Feature #10510] Remove REXML instead of patching it

Issue #10510 has been updated by Iain Barnett.

Erik Michaels-Ober wrote:
> I believe semantic versioning prevents doing this until Ruby 3 is released (many years from now) but I agree that this issue should be added to the Ruby 3 roadmap.

Wedding release schedules to specific version numbers is what got Perl in such a mess. Shouldn't the version numbers follow what happens in the code and not the other way round? If a change means the version number goes up to 3 then so what! The other stuff that would've been in 3 goes in 4… or 5 or 6.

+1 from me either for the original idea or Luis' idea.

iain

----------------------------------------
Feature #10510: Remove REXML instead of patching it
https://bugs.ruby-lang.org/issues/10510#change-50334

* Author: Michael Grosser
* Status: Open
* Priority: Normal
* Assignee:
* Category:
* Target version:
----------------------------------------
There have been at least 3 rexml vulnerabilities to date, having to patch ruby just to make sure it's not being used is taking a lot of time/effort.

Afaik most people do not use xml anyway (and especially not rexml), just for comparison: it would make much more sense to have json included, but it's not.

So let's just drop it & make it a gem.

--
https://bugs.ruby-lang.org/