On Wed, Apr 1, 2009 at 9:32 AM, Daniel Berger <[email protected]> wrote:
> Chad Woolley wrote:
>
>> On Tue, Mar 31, 2009 at 8:10 PM, Eric Hodel <[email protected]> wrote:
>>
>>> It seems that there was a bogus github gem floating around, mojombo-grit.
>>> It was adding directories to the file list... I'm investigating it.
>>>
>>
>> Hmm:
>> http://github.com/mojombo/grit/commit/4ac4acab7fd9c7fd4c0e0f4ff5794b0347baecde
>>
>> What I'm wondering is - how easy would it be to do this maliciously
>> and with greater effect, if this minor snafu caused problems.
>>
>> How's that circle of trust thing coming?
>>
>
> If it comes to it we'll start requiring gem signatures. :)
>

Most other packaging systems use MD5 signatures by default (apt-get, pear, maven etc).
Why isn't Rubygems doing it?

Aslak

>
> Dan
>
>
> _______________________________________________
> Rubygems-developers mailing list
> [email protected]
> http://rubyforge.org/mailman/listinfo/rubygems-developers
>
