Signing the gem with a PGP key
normalperson at yhbt.net
Mon Mar 11 22:48:12 UTC 2013
Hongli Lai <hongli at phusion.nl> wrote:
> After the recent Rubygems.org hack it became clear that something
> needs to be done about authenticating gems. One of the efforts that
> was launched is http://www.rubygems-openpgp-ca.org/. We at Phusion
> have just finished signing all our gems and repositories with our PGP
> key, and our PGP key has been verified and signed by this CA.
> It would be great if Unicorn can participate as well by signing future
> releases. If you already use GnuPG then the process is extremely
Can we designate gems to be signed by a trusted third party (e.g. you?)
That's how Debian (and presumably other OS distros) work.
_Nobody_ should trust me. I have and maintain zero credibility.
The only credibility any unicorn has is what its users give it.