Hey gang (this is primarily a way to get a message to snusnu), I am poking around w/ dm-rails and one thing that immediately jumped out at me was the invocation that http://github.com/datamapper/dm-rails recommends is just ripe for a man in the middle attack. Additionally invocation that requires hitting the web means that you can't start new projects when you don't have a net connection.
wycats suggested that there should be a railties generator that we distribute with the dm-rails gem (like the ones used in beard for instance http://github.com/carlhuda/beard/tree/master/lib/generators/ ). And while that doesn't fix the MitM attack vector (which did spawn an interesting conversation on twitter regarding rubygems' security model), it will reduce the opportunity for attack and also make it runnable locally. So if ppl think that's the way to go (i do), or have objections, please say so! -Ted -- You received this message because you are subscribed to the Google Groups "DataMapper" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/datamapper?hl=en.
