[ANN] Initial implementation of The Update Framework (TUF) for RubyGems

Tony Arcieri

Nov 22, 2013, 5:33:07 PM
to theupdate...@googlegroups.com, rubygems-tuf, RubyGems developers mailing list, secu...@ruby-lang.org, ruby-talk ML
Hello there everyone!

Here at Square we've been doing a Hack Week project to improve the security
of RubyGems. We have been basing our efforts off a software update
framework called The Update Framework (TUF) which is based off work done to
secure the update system used by Tor:

https://updateframework.com/projects/project

We've been working with the TUF team who is already doing similar work to
secure Python's PyPI in addition to creating a prototype implementation for
RubyGems. You can read about their PyPI work here:

https://github.com/theupdateframework/pep-on-pypi-with-tuf

We've opened a PR against RubyGems with our initial client-side work. A PR
against RubyGems.org/Gemcutter with the server-side work is forthcoming.
You can view the initial PR here:

https://github.com/rubygems/rubygems/pull/719

We also have a mailing list specific to this project if you're interested
in contributing:

https://groups.google.com/forum/#!forum/rubygems-tuf

--
Tony Arcieri