We do the same thing, but if rubygems is pwned, you would get the tampered
gems when you do bundle install/update.

- Matt


On Wed, Jan 30, 2013 at 2:04 PM, Adam Grant <[email protected]> wrote:

> We vendor our gems in vendor/cache using bundle install, and commit those
> to Git. Then we do a
>
>   $ bundle install --local --no-cache --no-prune
>
> using the built-in capistrano recipe that Bundler comes with when we
> deploy to a server.
>
> That way we always have the Gems snapshotted for each release.
>
> Works well.
>
> - Adam
>
>
> On Wed, Jan 30, 2013 at 1:28 PM, James Miller <[email protected]> wrote:
>
>> Or the sugar version of that:
>>
>> gem "nokogiri", github: "tenderlove/nokogiri", branch: "1.4"
>>
>>
>> On Wed, Jan 30, 2013 at 1:26 PM, Kevin Baker <[email protected]> wrote:
>>
>>> You could also use a direct source to the github repo for the gem.
>>>
>>> Example:
>>>
>>>
>>>
>>> gem "nokogiri", :git => "git://github.com/tenderlove/nokogiri.git", :branch => "1.4"
>>>
>>>
>>>
>>>
>>> On Wed, Jan 30, 2013 at 1:14 PM, Matt Aimonetti <[email protected]> wrote:
>>>
>>>> Your own gem server (using geminabox or whatever).
>>>>
>>>> At the moment, no real issues have been found. Some config information
>>>> from the server was retrieved but that's about it. The credentials were
>>>> changed and the team is looking into potentially tampered gems or server
>>>> backdoors.
>>>>
>>>> Avoid deploying if you can. You can see more info in real time via
>>>> freenode: #rubygems
>>>>
>>>> - Matt
>>>>
>>>>
>>>> On Wed, Jan 30, 2013 at 1:02 PM, Eric MacAdie <[email protected]> wrote:
>>>>
>>>>> What alternative is there to rubygems.org?
>>>>>
>>>>> - Eric MacAdie
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jan 30, 2013 at 2:31 PM, Kevin Ball <[email protected]> wrote:
>>>>>
>>>>>> If you pull your gems from rubygems.org, they're recommending halting
>>>>>> deploys until they give an all clear.
>>>>>>
>>>>>> Haven't seen any full writeups but there's info here:
>>>>>>
>>>>>> https://status.heroku.com/incidents/489
>>>>>> https://twitter.com/rubygems_status
>>>>>> https://twitter.com/qrush
>>>>>>
>>>>>> -Kevin
>>>>>>
>>>>>> --
>>>>>> --
>>>>>> SD Ruby mailing list
>>>>>> [email protected]
>>>>>> http://groups.google.com/group/sdruby
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "SD Ruby" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to [email protected].
>>>>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>>>>
>>>>>>
>>>>>>
>
>
>
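
An added example, not part of the thread or of Bundler: vendoring into vendor/cache only snapshots whatever bytes were downloaded, so one way to tell whether a snapshot changed is to compare each vendored .gem against SHA-256 digests pinned from a source you trust. The manifest format, the function names and the sample files below are assumptions constructed for illustration.

```ruby
require "digest"
require "tmpdir"

# Audit vendored .gem files against pinned SHA-256 digests.
# manifest: { "name-version.gem" => hex digest }, taken from a source you
# trust (assumption: for example, recorded before the incident window).
def audit_vendored_gems(cache_dir, manifest)
  report = { ok: [], mismatch: [], unpinned: [], missing: [] }
  present = Dir.glob(File.join(cache_dir, "*.gem")).sort
  present.each do |path|
    file = File.basename(path)
    expected = manifest[file]
    actual = Digest::SHA256.file(path).hexdigest
    if expected.nil?
      report[:unpinned] << file   # vendored but never pinned
    elsif actual == expected.downcase
      report[:ok] << file
    else
      report[:mismatch] << file   # bytes differ from the pinned copy
    end
  end
  # Pinned gems that are absent from the cache directory.
  report[:missing] = (manifest.keys - present.map { |p| File.basename(p) }).sort
  report
end

# Constructed demo: the "gems" are short byte strings, not real packages.
def demo_audit
  Dir.mktmpdir do |root|
    cache = File.join(root, "vendor", "cache")
    Dir.mkdir(File.join(root, "vendor"))
    Dir.mkdir(cache)
    good = "constructed gem bytes A"
    File.binwrite(File.join(cache, "alpha-1.0.0.gem"), good)
    File.binwrite(File.join(cache, "beta-2.1.0.gem"), "bytes changed after pinning")
    File.binwrite(File.join(cache, "gamma-0.3.0.gem"), "added without a pin")
    manifest = {
      "alpha-1.0.0.gem" => Digest::SHA256.hexdigest(good),
      "beta-2.1.0.gem"  => Digest::SHA256.hexdigest("constructed gem bytes B"),
      "delta-4.0.0.gem" => Digest::SHA256.hexdigest("pinned but not vendored"),
    }
    audit_vendored_gems(cache, manifest)
  end
end

if __FILE__ == $PROGRAM_NAME
  demo_audit.each { |status, files| puts "#{status}: #{files.join(', ')}" }
end
```

A non-empty mismatch or unpinned list is a reason to stop the deploy and inspect those files before running bundle install --local.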


