On Thu, 31 Jan 2013 18:57:34 +0100 Jordi Massaguer Pla <[email protected]> wrote:
> Quoting Josef Reidinger <[email protected]>: > > > On Thu, 31 Jan 2013 17:41:15 +0100 > > Cornelius Schumacher <[email protected]> wrote: > > > >> On Thursday 31 January 2013 15:13:12 Stephan Kulow wrote: > >> > > >> > Using bundler/gem just dropped from that list: > >> > > >> > http://blog.newrelic.com/2013/01/30/new-relic-and-rubygems-security/ > >> > >> How is this related to the question how gems are packaged? In the > >> end they are all coming from rubygems in any case. > >> > > > > Well, there is one big difference. > > We control it. So e.g. if OBS is extended to provide also difs for > > gems, you can review changes from last submit and review it. If you > > use directly rubygems.org, then you depend on external service, > > where is no guaranty and as last case show no review. > > Of course own gem server is different case, but there is other > > problems like that we must maintain it. It must be public so also > > we must secure it etc. > > "must be public" ?? I do not see why. Well, maybe my fault. I think that this disqualify solution that zypper can work with rubygems. Because in this case all customer should be able to download from rubygems org or from our gemserver. It is also valid for any solution that do not pack all required gems during build on internal server ( because OBS is in public network, so only IBS can do it ). Josef > > > > > Josef > > -- > > To unsubscribe, e-mail: [email protected] > > To contact the owner, e-mail: [email protected] > > > > > > -- To unsubscribe, e-mail: [email protected] To contact the owner, e-mail: [email protected]
