Quoting Josef Reidinger <[email protected]>:

On Thu, 31 Jan 2013 17:41:15 +0100
Cornelius Schumacher <[email protected]> wrote:

On Thursday 31 January 2013 15:13:12 Stephan Kulow wrote:
>
> Using bundler/gem just dropped from that list:
>
> http://blog.newrelic.com/2013/01/30/new-relic-and-rubygems-security/

How is this related to the question of how gems are packaged? In the end
they are all coming from rubygems in any case.


Well, there is one big difference.
We control it. So e.g. if OBS is extended to also provide diffs for
gems, you can review the changes from the last submit. If you use
rubygems.org directly, then you depend on an external service, where there
is no guarantee and, as the last case shows, no review.
Of course an own gem server is a different case, but there are other
problems, like that we must maintain it. It must be public, so we must
also secure it, etc.

"must be public" ?? I do not see why.


Josef
--
To unsubscribe, e-mail: [email protected]
To contact the owner, e-mail: [email protected]



