Closed knovoselic closed 9 years ago
-1 using bin/ is not safe.
if you want to load bundler use rubygemsbundled gem or stop using bundler and do the same with rubygems and single environment variable
@mpapis I agree about bundle exec, I haven't thought this through. But why is using bin/ not safe?
@mpapis thanks. Running `bin/rake` isn't the same as adding `bin` to your `$PATH`. The only way that it can be exploited is if someone is going to commit a malicious script into the repo, or am I missing something?
malicious code is the only concern here, it's no difference if `bin/` is in `PATH` or not, running scripts from there requires extra caution and should not be done in an automated way
as for my earlier email instead of rubygemsbundled I meant rubygems-bundler - which makes this pull request obsolete as proper behaviour is achieved without any changes to `pre-commit`.
Ok, thanks, I'll check out rubygems-bundler.
The correct way to run rake in a Rails 4 app is to use binstubs. If spring is configured this also means that rake will load faster. If the binstub for rake (`bin/rake`) doesn't exist, `bundle exec rake` will be used instead.
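The binstub-first fallback described above, as an added illustration that is not code from this pull request or from the pre-commit project; `rake_cmd` and its `app_root` argument are assumed names, and the comment records the caveat raised in the discussion that `bin/` is repository-controlled:

```shell
#!/bin/sh
# rake_cmd: print the command a hook should use to run rake for the
# Rails app rooted at $1 (default: current directory). Prefers the
# binstub bin/rake, which also picks up spring when it is configured,
# and falls back to `bundle exec rake` when the binstub is missing or
# not executable.
rake_cmd() {
  app_root=${1:-.}
  if [ -f "$app_root/bin/rake" ] && [ -x "$app_root/bin/rake" ]; then
    # bin/rake is whatever the last commit put there: an automated hook
    # that runs it executes repository-controlled code, exactly as it
    # would with any other script checked into the repo.
    echo "$app_root/bin/rake"
  else
    echo "bundle exec rake"
  fi
}
```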