On 1/17/07, Tom Copeland <[EMAIL PROTECTED]> wrote:
> On Tue, 2007-01-16 at 23:05 -0500, Paul Duncan wrote:
> > if I
> > wanted to install a trojan on thousands of people's machines, all I'd
> > need to do would be to build a malicious gem (see below), called
> > "rails-2.0" and upload it to my gem directory, then sit and wait.
> Hm, but that gem wouldn't be deployed on the RubyForge gem index unless
> it was uploaded to the rails project on RubyForge... so only folks who
> deliberately downloaded the gem from your project area would get
> p0wnd...

How does that work, Tom? PDF::Writer's gem is pdf-writer but is on the
ruby-pdf project. Transaction::Simple is (I believe)
transaction-simple, but the project name is trans-simple (stupid 15
character project name limit).

-austin
-- 
Austin Ziegler * [EMAIL PROTECTED] * http://www.halostatue.ca/
               * [EMAIL PROTECTED] * http://www.halostatue.ca/feed/
               * [EMAIL PROTECTED]
_______________________________________________
Rubygems-developers mailing list
Rubygems-developers@rubyforge.org
http://rubyforge.org/mailman/listinfo/rubygems-developers
