
I'm not sure why you found it necessary to post this comment. I found the original article to be a well-written warning about a rather serious bug that might affect a lot of people. But your comment seems to be sarcastically suggesting "move along, nothing to see here."


I don't think the GP is criticizing the article, he's using the article to criticize Rails. Not so much "nothing to see here" as "well, what did you expect from Rails?".

(I'm explaining what I think the GP meant, not my position; I'm an old Perl guy, still undecided on the overall trade-offs offered by Rails)


Yes, I was pointing out that Rails made backwards-incompatible changes to core functionality in a point release primarily targeting security. I don't know how much more succinctly I could have originally put it, and I thought that it was obvious that this is a Bad Thing. You can't reach everybody.


The "backwards-incompatible change" was part of a security fix, not an unrelated non-security change.


GitHub's code doesn't rely on the security flaw to function. Their code should keep working after the security fix.

Anyone who has ever consumed an API to build something they don't want to break understands this.


Yes, it is obvious that this is a Bad Thing. That's why, no matter how succinct, I don't think your comment is particularly useful. I didn't find that it added anything to the discussion.


Not every comment on Hacker News is useful. I'd say I was going for poignant if anything.


I took it more like "oh look, another Rails security flaw, big surprise". Not "move along, nothing to see", but rather "take pause and reconsider using Rails".


The point isn't that they had a security flaw, it's that the patch release fixing it changed the god damn default ORM's semantics!


I'm not sure why you found it necessary to post that comment, or why I found it necessary to post this one.


And I can't figure out why either of you two posted. Or why I'm posting.

I guess it is what it is.



