Gem Security

1 view
Skip to first unread message

Will Green

Sep 2, 2010, 10:55:32 PM9/2/10
to nu-net
One of the points that was brought up on the Herding Code episode was
the need for security of gems (since we distribute binary assemblies
in .NET). So, I did a quick search in the Gem manual to see if the
smart guys behind Ruby Gems (if you don't know the guys behind Ruby
Gems, they are *wicked* smart people) had given any thought to

Lo and behold:


Will Green

Nick Quaranto

Sep 2, 2010, 10:59:00 PM9/2/10
Just a heads up, the ruby 'brainiacs' here aren't even using signed gems yet for the most part. The main problem is solving WHO signs it, and how you'd trust a gem. As far as I know, only Hoe (a kind of ancient Jeweler that is really, really invasive to your gem project) actually signs gems.

We've had a request or two for some kind of cert publishing but nothing has come up so far.
Reply all
Reply to author
0 new messages