On Tue, 2007-01-16 at 23:05 -0500, Paul Duncan wrote:
> if I
> wanted to install a trojan on thousands of people's machines, all I'd
> need to do would be to build a malicious gem (see below), called
> "rails-2.0" and upload it to my gem directory, then sit and wait.

Hm, but that gem wouldn't be deployed on the RubyForge gem index unless
it was uploaded to the rails project on RubyForge... so only folks who
deliberately downloaded the gem from your project area would get
p0wnd...

Yours,

Tom


_______________________________________________
Rubygems-developers mailing list
Rubygems-developers@rubyforge.org
http://rubyforge.org/mailman/listinfo/rubygems-developers
