On Wed, Apr 1, 2009 at 9:32 AM, Daniel Berger <djber...@gmail.com> wrote:
> Chad Woolley wrote:
>
>> On Tue, Mar 31, 2009 at 8:10 PM, Eric Hodel <drbr...@segment7.net> wrote:
>>
>>> It seems that there was a bogus github gem floating around, mojombo-grit.
>>> It was adding directories to the file list... I'm investigating it.
>>>
>>
>> Hmm:
>> http://github.com/mojombo/grit/commit/4ac4acab7fd9c7fd4c0e0f4ff5794b0347baecde
>>
>> What I'm wondering is - how easy would it be to do this maliciously
>> and with greater effect, if this minor snafu caused problems.
>>
>> How's that circle of trust thing coming?
>>
>
> If it comes to it we'll start requiring gem signatures. :)
>

Most other packaging systems use MD5 signatures by default (apt-get, pear, maven etc.).
Why isn't Rubygems doing it?

Aslak

> Dan
>
>
> _______________________________________________
> Rubygems-developers mailing list
> Rubygems-developers@rubyforge.org
> http://rubyforge.org/mailman/listinfo/rubygems-developers
>