On Wed, Apr 1, 2009 at 7:33 AM, James Tucker <[email protected]> wrote:
>
> On 1 Apr 2009, at 06:13, Chad Woolley wrote:
>
>> On Tue, Mar 31, 2009 at 8:10 PM, Eric Hodel <[email protected]> wrote:
>>>
>>> It seems that there was a bogus github gem floating around, mojombo-grit.
>>> It was adding directories to the file list... I'm investigating it.
>>
>> Hmm:
>> http://github.com/mojombo/grit/commit/4ac4acab7fd9c7fd4c0e0f4ff5794b0347baecde
>>
>> What I'm wondering is - how easy would it be to do this maliciously
>> and with greater effect, if this minor snafu caused problems.
>
> Create a github user called ruby, now you can easily replace any of the
> ruby- projects with new counterparts from the github gem server, for a great
> many users.
>
> 1 of many
>

Well, that has already been blocked by GitHub: ruby, net, win32, and
others I believe.

Anyhow, gems should be tested before being made available to the indexer,
so that's something GitHub should be poked about.

--
Luis Lavena
AREA 17
-
Perfection in design is achieved not when there is nothing more to add,
but rather when there is nothing more to take away.
Antoine de Saint-Exupéry
_______________________________________________
Rubygems-developers mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/rubygems-developers
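
An added example, not part of the thread and not RubyGems or GitHub code: a sketch of the kind of pre-index test the reply asks for, flagging directory entries in a gem's file list and owner-prefixed names that use a blocked prefix or collide with an existing gem. The function names, the `<owner>-<project>` naming rule inferred from `mojombo-grit`, and all sample data are assumptions.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helpers; not RubyGems or GitHub APIs.
# Assumption: the gem server publishes owner/project as "<owner>-<project>".
def published_name(owner, project)
  "#{owner}-#{project}"
end

# Returns a list of human-readable problems; empty means the gem may be indexed.
def preindex_problems(owner:, project:, files:, root:, existing:, blocked:)
  problems = []
  name = published_name(owner, project)
  problems << "owner '#{owner}' is a blocked prefix" if blocked.include?(owner)
  problems << "name '#{name}' collides with an existing gem" if existing.include?(name)
  files.each do |rel|
    path = File.expand_path(rel, root)
    if !path.start_with?(File.join(root, ""))
      problems << "entry escapes the gem root: #{rel}"
    elsif File.directory?(path)
      problems << "entry is a directory, not a file: #{rel}"
    elsif !File.file?(path)
      problems << "entry is missing from the package: #{rel}"
    end
  end
  problems
end

# Constructed sample: one clean submission and one that trips several checks.
def demo
  Dir.mktmpdir do |tmp|
    root = File.realpath(tmp)
    FileUtils.mkdir_p(File.join(root, "lib", "grit"))
    File.write(File.join(root, "lib", "grit.rb"), "# constructed sample\n")
    common = { root: root, existing: ["ruby-example"], blocked: %w[ruby net win32] }
    good = preindex_problems(owner: "mojombo", project: "grit",
                             files: ["lib/grit.rb"], **common)
    bad = preindex_problems(owner: "ruby", project: "example",
                            files: ["lib/grit.rb", "lib/grit", "README"], **common)
    [good, bad]
  end
end

if __FILE__ == $PROGRAM_NAME
  good, bad = demo
  puts "clean submission: #{good.inspect}"
  bad.each { |p| puts "rejected: #{p}" }
end
```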
