Gem Security


Will Green

Sep 2, 2010, 10:55:32 PM
to nu-net
One of the points that was brought up on the Herding Code episode was
the need for security of gems (since we distribute binary assemblies
in .NET). So, I did a quick search in the Gem manual to see if the
smart guys behind Ruby Gems (if you don't know the guys behind Ruby
Gems, they are *wicked* smart people) had given any thought to
security.

Lo and behold: http://rubygems.rubyforge.org/rdoc/Gem/Security.html

Thoughts?

==
Will Green

Nick Quaranto

Sep 2, 2010, 10:59:00 PM
to nu-...@googlegroups.com
Just a heads up, the Ruby 'brainiacs' here aren't even using signed gems yet for the most part. The main problem is solving WHO signs it, and how you'd trust a gem. As far as I know, only Hoe (a kind of ancient Jeweler that is really, really invasive to your gem project) actually signs gems.


We've had a request or two for some kind of cert publishing but nothing has come up so far. http://github.com/rubygems/gemcutter/issues#issue/96
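
Added example, not part of either post and not RubyGems' own code: a sketch of the "who signs it, and how you'd trust it" problem using plain Ruby OpenSSL. A signature made with any self-signed certificate verifies cryptographically, so the check only means something once the verifier pins which certificates it trusts. The signer name, package bytes and helper names are constructed for illustration.

```ruby
require "openssl"

# Build a throwaway self-signed certificate for a constructed signer name.
def self_signed(name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Sign the package bytes with the signer's private key.
def sign(key, data)
  key.sign(OpenSSL::Digest.new("SHA256"), data)
end

# SHA-256 over the DER encoding: the value a verifier would pin.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# Step 1 answers "were these bytes signed by this key?".
# Step 2 answers "do I trust the holder of this key?", which the
# signature alone cannot tell you.
def check(data, sig, cert, trusted_fingerprints)
  ok = cert.public_key.verify(OpenSSL::Digest.new("SHA256"), sig, data)
  return :bad_signature unless ok
  return :untrusted_signer unless trusted_fingerprints.include?(fingerprint(cert))
  :ok
end

if __FILE__ == $PROGRAM_NAME
  pkg = "constructed package bytes"
  author_key, author_cert = self_signed("example-author")
  other_key, other_cert = self_signed("example-author") # same CN, different key
  trusted = [fingerprint(author_cert)]
  puts check(pkg, sign(author_key, pkg), author_cert, trusted)        # pinned signer
  puts check(pkg, sign(other_key, pkg), other_cert, trusted)          # valid signature, unknown signer
  puts check(pkg + "x", sign(author_key, pkg), author_cert, trusted)  # bytes changed after signing
end
```

The second case is the one the thread is about: the certificate carries the same name and the signature is valid, so only the out-of-band pinned fingerprint separates it from the first.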