1 - how much effort will it be to move OFN code to Rails 4?
We need a bit of time for the upgrade but most of it is simple. Rails mentions all important changes. It’s a 12 step process: Upgrading Ruby on Rails — Ruby on Rails Guides
2 - how important is it to get to rails 4.1 and beyond?
Important. As long as we keep Rails as dependency we need to stay up-to-date. Maybe it’s not urgent but the CSRF protection sound nice.
3 - is there anything I am missing about spree versions after 2.1 that would justify the upgrade?
Unblocking the nokogiri update would be great because of the known vulnerabilities.
4 - have we considered stop following Spree and just go our own way, for example, upgrading OFN to Rails 5/6 without upgrading Spree?
In my opinion that should be our long-term goal. Spree helped in the beginning to set everything up quickly but now it’s a pain. We have so much code in decorators that it makes more sense to have our own classes. My suggestion to de-deface views was the first step. My idea looks like this:
- Replace all Spree views.
- Replace all Spree controllers.
- Replace all Spree models.
We have to do the models last because they are used by everything else. But otherwise there is no reason why we can’t have our own models working with the current database, right? And with our current code quality process we would be in a much better place than with Spree code.