On Mar 31, 2009, at 22:13, Chad Woolley wrote:
On Tue, Mar 31, 2009 at 8:10 PM, Eric Hodel <[email protected]>
wrote:
It seems that there was a bogus github gem floating around, mojombo-
grit.
It was adding directories to the file list... I'm investigating it.
Hmm:
http://github.com/mojombo/grit/commit/4ac4acab7fd9c7fd4c0e0f4ff5794b0347baecde
What I'm wondering is - how easy would it be to do this maliciously
and with greater effect, if this minor snafu caused problems.
No matter how much I try to idiot proof things...
One of the bigger problems in packaging gems is people who use glob or
regexp to find files instead of a manifest file.
How's that circle of trust thing coming?
_______________________________________________
Rubygems-developers mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/rubygems-developers
