> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Charlie Savage > Sent: Tuesday, November 25, 2008 9:29 AM > To: [email protected] > Subject: Re: [Rubygems-developers] Executing code after installing gem > > > RubyGems is not designed for arbitrary code execution, > which will be a > > security concern. > > Except it already does by letting a developer specify a > Rakefile in spec.extensions. That's how I hacked around > RubyGems to correctly install dependent dlls into the lib directory. > > Not to mention the fact that once I have my gem installed, it > can pretty much do what it wants.
Interesting. Maybe we should provide a builtin hook for a post installation task on the condition that the gem is signed? Just a thought. Regards, Dan This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments. _______________________________________________ Rubygems-developers mailing list [email protected] http://rubyforge.org/mailman/listinfo/rubygems-developers
