Should I be worried about the RVM warning about Ruby 1.8.7?

Question

To what degree should I be worried about the following warning that is displayed after installing Ruby 1.8.7-head via RVM:

Please be aware that you just installed a ruby that requires 2 patches just to be compiled on up to date linux system. This may have known and unaccounted for security vulnerabilities.

Answer 1

Yes. Someone thought it was important enough to write that for people to read. Ruby is a fast moving language and 1.8.7 is all but dead. I would suggest 1.9.2 if you like something a little more slow moving, or 1.9.3 if you like living on the edge.

Answer 2

It depends on what you're using it for. We use rvm to build 1.8.7-series rubies so that we can develop on a recent OS but deploy conservatively. For instance, the ruby on Debian Squeeze is ruby-1.8.7-p302, and it's important to us to know that our code works there as written, no matter what OS we're individually developing on. In this case, I'd ignore that warning.

If you're using RVM to provide your production ruby, I'd pay more attention.