On Mon, Mar 11, 2013 at 11:48 PM, Eric Wong <[email protected]> wrote:
> Can we designate gems to be signed by a trusted third party (e.g. you)?
> That's how Debian (and presumably other OS distros) work.
>
> _Nobody_ should trust me. I have and maintain zero credibility.
> The only credibility any unicorn has is what its users give it.

Well, the kind of trust we're talking about here is not trustworthiness
(i.e. "does the software work well and will it refrain from formatting
my hard disk?"), but authenticity ("is this gem made by the Unicorn and
not someone pretending to be him?"). Given that definition of "trust",
having a third party sign the gem is not very useful, and letting you
sign the gem will not make it a statement about trustworthiness,
warranty or credibility.

What do you think?

--
Phusion | Ruby & Rails deployment, scaling and tuning solutions
Web: http://www.phusion.nl/
E-mail: [email protected]
Chamber of commerce no: 08173483 (The Netherlands)
_______________________________________________
Unicorn mailing list - [email protected]
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying