Hello guys,

Did you have the chance to read about this backdoor found in a popular Ruby gem?

https://www.zdnet.com/article/backdoor-code-found-in-popular-bootstrap-sass-ruby-library/

I was wondering if there is anything we could do to avoid having the same thing happen. Of course, there is very little we could do if something like that happened at the code repository, but there are at least two things we could try:

1 - Start using something like Module::Signature

2 - Fix the PAUSE TLS certificate:

Not sure if you're getting the same, but I just upgraded Firefox on this Ubuntu 18.04 machine before hitting PAUSE.

Regards,

Alceu


