Clarify Version#rely_on_built_at? protects against other incongruent gem dates #3993
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In discussing invalid dates appearing on some
Gem::Specification
in rubygems PR #6859, it was uncovered that this helper method has been inadvertently protectingRubyGems.org
from displaying incorrect build dates in other contexts.Originally used to handle importing gems into the service back in 2003, we discovered that some maintainers utilizing Nix ran into a case where default values for
SOURCE_DATE_EPOCH
were provided as the build date for the gem.rely_on_built_at?
protected users on the website, or accessing gem details via the API, from seeing these incorrect dates.@duckinator wisely suggested to add a comment here, surfacing the inadvertent benefit the method has been carrying. That comment also suggests more documentation around gem builds, and setting
SOURCE_DATE_EPOCH
which I'll leave for separate PR's (and link to, from here, if possible!)