Hello there everyone!

Here at Square we've been doing a Hack Week project to improve the security of RubyGems. We have been basing our efforts off a software update framework called The Update Framework (TUF) which is based off work done to secure the update system used by Tor:

https://updateframework.com/projects/project

We've been working with the TUF team who is already doing similar work to secure Python's PyPI in addition to creating a prototype implementation for RubyGems. You can read about their PyPI work here:

https://github.com/theupdateframework/pep-on-pypi-with-tuf

We've opened a PR against RubyGems with our initial client-side work. A PR against RubyGems.org/Gemcutter with the server-side work is forthcoming. You can view the initial PR here:

https://github.com/rubygems/rubygems/pull/719

We also have a mailing list specific to this project if you're interested in contributing:

https://groups.google.com/forum/#!forum/rubygems-tuf

--
Tony Arcieri
_______________________________________________
RubyGems-Developers mailing list
http://rubyforge.org/projects/rubygems
[email protected]
http://rubyforge.org/mailman/listinfo/rubygems-developers
