
Heroku Ruby Deploys Disabled - Why is using a buildpack_url risky?

I want to push out changes, but it's not completely necessary right now. Why does Heroku say that setting a custom BUILDPACK_URL is risky? https://status.heroku.com/incidents/489

Is it risky because it's overriding the block and it's a gamble whether the gems I'm using have been tampered with?

How long would you expect this block to last for? I'm sure the rubygems.org team is working as fast as they can.

As you said, it is risky because a malicious gem might be installed from rubygems.org which could compromise your application. However, if you made no changes to your Gemfile/Gemfile.lock since the last deploy you should be fine since rubygems.org will not be hit during deploy.

But unless you really know what you're doing you're better off waiting until the rubygems.org team has checked all gems. It shouldn't take too long. You can follow their progress on Twitter.
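One way to check the condition the answer describes before deploying, as an added example that is not part of the original answer: it compares the `GEM` section of two `Gemfile.lock` files and lists the gems whose name or version differs, which are the ones a deploy would have to fetch. The lockfile contents and versions below are constructed sample data, and the helper names `locked_gems` and `gems_to_fetch` are hypothetical.

```ruby
# Constructed sample lockfile standing in for the last deployed Gemfile.lock.
DEPLOYED_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.1)
      rack-protection (1.2.0)
        rack
      sinatra (1.3.3)
        rack (~> 1.3, >= 1.3.6)
        rack-protection (~> 1.2)
        tilt (~> 1.3, >= 1.3.3)
      tilt (1.3.3)

  DEPENDENCIES
    sinatra
LOCK

# Constructed candidate: rack bumped and json added since the last deploy.
CANDIDATE_LOCK = DEPLOYED_LOCK.sub("    rack (1.4.1)",
                                   "    json (1.7.6)\n    rack (1.4.4)")

# Read resolved gems from the GEM section into { "name" => "version" }.
# Resolved gems sit at a 4-space indent; their dependency constraints
# (6-space indent) and other sections such as GIT or PATH are skipped.
def locked_gems(lockfile_text)
  gems = {}
  section = nil
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A\S/
      section = line
    elsif section == "GEM" && (m = line.match(/\A {4}(\S+) \((.+)\)\z/))
      gems[m[1]] = m[2]
    end
  end
  gems
end

# Gems that are new or pinned to a different version than the deployed lock.
def gems_to_fetch(deployed_lock, candidate_lock)
  old = locked_gems(deployed_lock)
  locked_gems(candidate_lock).reject { |name, version| old[name] == version }
end

if __FILE__ == $PROGRAM_NAME
  changed = gems_to_fetch(DEPLOYED_LOCK, CANDIDATE_LOCK)
  puts changed.empty? ? "lockfile unchanged" : changed.map { |n, v| "#{n} #{v}" }
end
```

An empty result means the resolved gem set matches the deployed one; any listed gem should be reviewed before the deploy.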

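Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you repost them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.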

 