Postmodern

Results 665 comments of Postmodern

Testing with rubygems, `< 4.0.0` will include `4.0.0.beta`.

```
dep = Gem::Requirement.new('< 4.0.0')
dep.satisfied_by?(Gem::Version.new('4.0.0.beta1')) # => true
```

From #rubygems:

```
< 4.0.0.beta
```

Confirmed that `< 4.0.0.beta` excludes 4.0.0, 4.0.0.beta, 4.0.0.rc, 4.0.0.beta.
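The prerelease behaviour discussed in the two comments above, as an added example that is not code from the original thread, from RubyGems or from ruby-advisory-db. It shows what `Gem::Requirement#satisfied_by?` does with prereleases and what that means for the `unaffected_versions` / `patched_versions` bounds of an advisory record; the gem versions and the two advisory records are constructed for this example.

```ruby
# Added example (not from the thread or from ruby-advisory-db): how RubyGems
# requirement matching treats prerelease versions, and what that means for the
# version bounds in an advisory record. Versions and records are constructed.
require 'rubygems'

# Does +requirement+ (a RubyGems requirement string) admit +version+?
# satisfied_by? does no prerelease filtering; it only compares, and a
# prerelease sorts below its release (4.0.0.beta1 < 4.0.0), so "< 4.0.0"
# admits 4.0.0.beta1 while "< 4.0.0.beta" does not.
def satisfied?(requirement, version)
  Gem::Requirement.new(requirement).satisfied_by?(Gem::Version.new(version))
end

# Two ways to write the same advisory (field names as in ruby-advisory-db).
# Both say the flaw shipped with 4.0.0 and was fixed in 4.1.0; they differ in
# whether the 4.0.0 prereleases are treated as unaffected.
LOOSE_ADVISORY = {
  unaffected_versions: ['< 4.0.0'],      # also admits 4.0.0.beta1, 4.0.0.rc1
  patched_versions:    ['>= 4.1.0']
}.freeze

STRICT_ADVISORY = {
  unaffected_versions: ['< 4.0.0.beta'], # stops before the 4.0.0 betas
  patched_versions:    ['>= 4.1.0']
}.freeze

# A version is vulnerable unless some unaffected or patched requirement admits it.
def vulnerable?(version, advisory)
  safe = advisory[:unaffected_versions] + advisory[:patched_versions]
  safe.none? { |req| satisfied?(req, version) }
end

if __FILE__ == $PROGRAM_NAME
  %w[3.9.9 4.0.0.alpha 4.0.0.beta1 4.0.0.rc1 4.0.0 4.0.5 4.1.0.beta1 4.1.0].each do |v|
    printf "%-12s loose: %-5s strict: %s\n", v,
           vulnerable?(v, LOOSE_ADVISORY), vulnerable?(v, STRICT_ADVISORY)
  end
end
```

Two caveats fall out of the comparison rules rather than the thread: `< 4.0.0.beta` still admits `4.0.0.alpha` (string segments compare alphabetically), and a patched bound of `>= 4.1.0` marks `4.1.0.beta1` as vulnerable even if that prerelease already carries the fix, because it sorts below `4.1.0`.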

Hmm let's wait on `titles` since that will require manually summarizing the description. Descriptions can be scraped from NVD (`//p[@data-testid="vuln-description"]`).

This is a really difficult problem as not all vulnerabilities exist in a single method. Often the vulnerable method is not directly called, but called through a chain of other...

> Regarding calling a vulnerable method through a chain of other methods. I think we have a solution for that, and please tell me if there are issues with this....

> Sometimes upgrading gems breaks other things, so there is a kind of a tradeoff there. This rarely happens due to the Ruby ecosystem's strict adherence to Semantic Versioning. It's...

I will send an email asking whether they've looked at ruby-advisory-db or if they need additional data (maybe a `date` field?).

Got this feedback: > After hearing about some Ruby security issues I got to wondering how people are supposed to find out about these things. I read something on...

I also thought about setting up a simple blog to announce advisories with an atom feed.

Thanks to @tarcieri there is now an [Atom feed of the database](http://rubysec.github.com/atom.xml). Perhaps we could make another Atom feed containing YAML or JSON data, and see if James Britt prefers that...
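One way the "Atom feed containing JSON data" idea could look, as an added example that is not code from the original thread or from rubysec: each entry keeps a human-readable title and summary and carries the advisory itself as a JSON payload. The feed URL, advisory identifiers, dates and descriptions below are constructed placeholders, not real advisories.

```ruby
# Added example (not from the thread or from rubysec): an Atom feed whose
# entries carry each advisory as JSON next to the human-readable summary, so
# a consumer can parse the payload instead of scraping text. Feed URL,
# identifiers, dates and descriptions are constructed for this example.
require 'json'
require 'time'

FEED_URL = 'https://example.invalid/advisories.atom' # hypothetical location

# Constructed sample advisories; field names follow ruby-advisory-db, the
# identifiers and contents are placeholders.
ADVISORIES = [
  { 'id' => 'EXAMPLE-2013-001', 'gem' => 'example-gem', 'date' => '2013-01-02',
    'title' => 'XSS via <script> in widget helper',
    'description' => 'Unescaped parameter reflected into a view helper.',
    'patched_versions' => ['>= 4.1.0'] },
  { 'id' => 'EXAMPLE-2013-002', 'gem' => 'other-gem', 'date' => '2013-03-04',
    'title' => 'Denial of service in parser',
    'description' => 'Crafted input triggers unbounded recursion.',
    'patched_versions' => ['~> 1.2.3'] }
].freeze

# Advisory text comes from third parties (NVD descriptions, commit messages);
# escape it before it lands in XML so a stray '<' can neither break the feed
# nor smuggle markup into a feed reader.
def xml_escape(text)
  text.to_s.gsub(/[&<>"]/, '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;')
end

# Atom timestamps are RFC 3339; the record only has a date, so use midnight UTC.
def atom_time(date)
  Time.iso8601("#{date}T00:00:00Z").iso8601
end

# RFC 4287 section 4.1.3.3: content whose type is neither text/*, an XML
# media type, nor text/html/xhtml must be Base64 encoded.
def json_payload(advisory)
  [JSON.generate(advisory)].pack('m0')
end

def atom_entry(advisory)
  <<~XML
    <entry>
      <id>#{xml_escape("#{FEED_URL}##{advisory['id']}")}</id>
      <title>#{xml_escape("#{advisory['gem']}: #{advisory['title']}")}</title>
      <updated>#{atom_time(advisory['date'])}</updated>
      <summary type="text">#{xml_escape(advisory['description'])}</summary>
      <content type="application/json">#{json_payload(advisory)}</content>
    </entry>
  XML
end

def atom_feed(advisories)
  latest = advisories.map { |a| a['date'] }.max
  <<~XML
    <?xml version="1.0" encoding="utf-8"?>
    <feed xmlns="http://www.w3.org/2005/Atom">
      <id>#{xml_escape(FEED_URL)}</id>
      <title>Ruby advisory database (example feed)</title>
      <link rel="self" href="#{xml_escape(FEED_URL)}"/>
      <updated>#{atom_time(latest)}</updated>
    #{advisories.map { |a| atom_entry(a) }.join}</feed>
  XML
end

# Reverse of json_payload, for a consumer that has extracted the <content> text.
def advisory_from_payload(base64)
  JSON.parse(base64.unpack1('m0'))
end

puts atom_feed(ADVISORIES) if __FILE__ == $PROGRAM_NAME
```

The Base64 wrapping is what makes `type="application/json"` valid Atom; a feed that dropped the raw JSON into `<content>` would be rejected by strict readers, and one that dropped raw advisory text into the XML without escaping would break (or worse, be reinterpreted by) a reader the first time a description contained a `<`.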