On Tue, Nov 25, 2008 at 2:28 PM, Charlie Savage <[EMAIL PROTECTED]> wrote: >> RubyGems is not designed for arbitrary code execution, which will be a >> security concern. > > Except it already does by letting a developer specify a Rakefile in > spec.extensions. That's how I hacked around RubyGems to correctly install > dependent dlls into the lib directory.
Point taken, but is a flaw, not intentional by design. Talking in a sudoer powered environment, moving dlls do not apply, which was the case Matt asked. > Not to mention the fact that once I have my gem installed, it can pretty > much do what it wants. Yep, RubyGems opens the pandora box, having the power doesn't mean we should abuse of it, so in the future when it gets fixed we don't rant about loosing that cool feature ;-) -- Luis Lavena AREA 17 - Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. Douglas Adams _______________________________________________ Rubygems-developers mailing list Rubygems-developers@rubyforge.org http://rubyforge.org/mailman/listinfo/rubygems-developers
