
The central point I'm trying to make is this article is being disingenuous. Security is hard, but not so hard that a minute or two of thinking and filing a PR won't prevent the YAML exploits. I don't actually think the Rails community is dumb, that's why this whole thing pissed me off so much because the fact that it was even introduced and existed for so long tells me that thousands of Rails devs have just decided to turn a blind eye over the years.

I'm well aware of the Ronin guys BTW, I have mentioned them in a comment in another HN thread a few days back and called for help for those 2 guys.

bauland42 who is behind http://www.rorsecurity.info/ also deserves an honorable mention.

Good luck Rubyists.



