> -----Original Message-----
> From: rubygems-developers-boun...@rubyforge.org
> [mailto:rubygems-developers-boun...@rubyforge.org] On Behalf
> Of Eric Hodel
> Sent: Wednesday, April 01, 2009 2:50 PM
> To: rubygems-developers@rubyforge.org
> Subject: Re: [Rubygems-developers] gem problem
>
>
> On Mar 31, 2009, at 22:13, Chad Woolley wrote:
>
> > On Tue, Mar 31, 2009 at 8:10 PM, Eric Hodel <drbr...@segment7.net>
> > wrote:
> >> It seems that there was a bogus github gem floating around, mojombo-grit.
> >> It was adding directories to the file list... I'm investigating it.
> >
> > Hmm:
> > http://github.com/mojombo/grit/commit/4ac4acab7fd9c7fd4c0e0f4ff5794b0347baecde
> >
> > What I'm wondering is - how easy would it be to do this maliciously
> > and with greater effect, if this minor snafu caused problems.
>
> No matter how much I try to idiot proof things...
>
> One of the bigger problems in packaging gems is people who
> use glob or regexp to find files instead of a manifest file.

We could consider mandating that any files in the gem must also exist in a manifest file and/or capping the file limit. Just a thought.

Dan

_______________________________________________
Rubygems-developers mailing list
http://rubyforge.org/projects/rubygems
Rubygems-developers@rubyforge.org
http://rubyforge.org/mailman/listinfo/rubygems-developers
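
The check proposed in this thread, sketched as an added example that is not part of the original messages and not RubyGems code: it audits a glob-built file list against an explicit manifest, flags directory entries, and applies a file-count cap. The helper name `audit_gem_files`, the `max_files` default and the sample tree are assumptions made for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (not a RubyGems API): compare the file list a gemspec
# would package against an explicit manifest and a file-count cap.
def audit_gem_files(files, manifest_lines, root:, max_files: 1000)
  # Manifest format assumed here: one relative path per line, '#' for comments.
  manifest = manifest_lines.map(&:strip)
                           .reject { |l| l.empty? || l.start_with?("#") }
  {
    # Directory entries in the file list, the symptom described in the thread.
    directories:  files.select { |f| File.directory?(File.join(root, f)) },
    # Packaged but never declared: what a loose glob picks up by accident.
    unlisted:     files - manifest,
    # Declared but absent from the package.
    not_packaged: manifest - files,
    over_limit:   files.size > max_files
  }
end

# Constructed sample tree; file names are invented for this example.
def demo_audit
  Dir.mktmpdir("gem-audit") do |root|
    FileUtils.mkdir_p(File.join(root, "lib/example"))
    %w[README lib/example.rb lib/example/util.rb stray.log].each do |f|
      File.write(File.join(root, f), "")
    end
    # Dir["**/*"] returns directories as well as files, so a gemspec that
    # globs this way lists "lib" and "lib/example" next to the real files.
    globbed  = Dir.chdir(root) { Dir["**/*"].sort }
    manifest = ["# constructed manifest", "README",
                "lib/example.rb", "lib/example/util.rb"]
    audit_gem_files(globbed, manifest, root: root, max_files: 5)
  end
end

if __FILE__ == $PROGRAM_NAME
  demo_audit.each { |check, result| puts "#{check}: #{result.inspect}" }
end
```

A build step could refuse to package the gem when any list in the result is non-empty or `over_limit` is true.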