See below. -- Evan Phoenix // e...@fallingsnow.net
On Thursday, May 26, 2011 at 3:38 PM, Luis Lavena wrote: > On Thu, May 26, 2011 at 6:34 PM, Grant Olson <k...@grant-olson.net > (mailto:k...@grant-olson.net)> wrote: > > On 5/26/11 5:56 PM, Evan Phoenix wrote: > > > I apologize for the top posting, but the comment applies to the whole > > > thing. > > > > > > Grant, one of the requirements for any signing strategy is that it can be > > > implemented all in ruby, specifically with things provided by the ruby > > > standard library. This by and large means OpenSSL. > > > > > > Could a PGP-style setup be fully implemented in ruby and hosted entirely > > > by us (not require an pgp keyservers)? > > > > My philosophy was to dump as much of the real crypto to the existing > > infrastructure as possible, so we don't need to worry about bone-headed > > crypto mistakes in our code. But I see where you're coming from. > > > > The proof-of-concept code I have right now just shells out to gpg with > > backticks and degrades gracefully if there's no gpg. There's no > > verification, but you can still install the gem, and run rubygems > > without any external dependencies. > > That doesn't defeats the purpose of actually having signed/certified gems? > > As for backticks: on Windows, there is no OpenPGP by default and Ruby > works on Windows. Which is why requiring a pgp/gpg command on the system is an unacceptable solution. > > It will be system where PGP is not installed at all. > > -- > Luis Lavena > AREA 17 > - > Perfection in design is achieved not when there is nothing more to add, > but rather when there is nothing more to take away. > Antoine de Saint-Exupéry > _______________________________________________ > Rubygems-developers mailing list > http://rubyforge.org/projects/rubygems > Rubygems-developers@rubyforge.org (mailto:Rubygems-developers@rubyforge.org) > http://rubyforge.org/mailman/listinfo/rubygems-developers _______________________________________________ Rubygems-developers mailing list http://rubyforge.org/projects/rubygems Rubygems-developers@rubyforge.org http://rubyforge.org/mailman/listinfo/rubygems-developers
