Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify Version#rely_on_built_at? protects against other incongruent gem dates #3993

Merged
merged 1 commit into from Aug 19, 2023
Merged

Clarify Version#rely_on_built_at? protects against other incongruent gem dates #3993

merged 1 commit into from Aug 19, 2023

Conversation

Daniel-N-Huss
Copy link
Contributor

In discussing invalid dates appearing on some Gem::Specification in rubygems PR #6859, it was uncovered that this helper method has been inadvertently protecting RubyGems.org from displaying incorrect build dates in other contexts.

Originally used to handle importing gems into the service back in 2003, we discovered that some maintainers utilizing Nix ran into a case where default values for SOURCE_DATE_EPOCH were provided as the build date for the gem. rely_on_built_at? protected users on the website, or accessing gem details via the API, from seeing these incorrect dates.

@duckinator wisely suggested to add a comment here, surfacing the inadvertent benefit the method has been carrying. That comment also suggests more documentation around gem builds, and setting SOURCE_DATE_EPOCH which I'll leave for separate PR's (and link to, from here, if possible!)

@Daniel-N-Huss @duckinator
Comment on utility of method for build concerns
33e9119 
Surfaced as part of a rubygems discussion on invalid build dates due to SOURCE_DATE_EPOCH defaults, this method has had the bonus effect of preventing default values provided to a Specification from causing confusion to users browsing published gems.

Co-Authored-By: Ellen Marie Dash <the@smallest.dog>
@segiddins segiddins enabled auto-merge (squash) August 19, 2023 16:39
@codecov
Copy link

codecov bot commented Aug 19, 2023

Codecov Report

Merging #3993 (33e9119) into master (44a1ca9) will not change coverage.
Report is 8 commits behind head on master.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #3993   +/-   ##
=======================================
  Coverage   98.91%   98.91%           
=======================================
  Files         228      228           
  Lines        5550     5550           
=======================================
  Hits         5490     5490           
  Misses         60       60
Files Changed Coverage Δ
app/models/version.rb 98.12% <ø> (ø)

@segiddins segiddins merged commit cf2c247 into rubygems:master Aug 19, 2023
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@segiddins segiddins segiddins approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Daniel-N-Huss @segiddins