
Seriously? It's eminently reasonable to expect you to know the code you're deploying. Perhaps you're a JS developer. I agree it's incredibly difficult to keep up with the churn there, but in my Elixir deps, the updates tend to be less frequent and more reviewable.

Some deps you can trust the owner and just carefully review the change log. Even that would have caught this issue, though I'm not sure I'd count this gem as trustworthy.




I'm not a JS developer, I'm just someone who has shipped enough software to know that the fraction of people reading change logs is vanishingly small.

Maybe you are a very careful developer, but the vast majority out there is not.

Shipping an update that will corrupt data if you don't read the changelog is very, very dangerous.

I see why they did it. Having a method with the same name as in Active Record but with different behavior is also dangerous.

But they really could have handled this better.



