[Rubygems-developers] [PATCH] Add Gem Signing Support to RubyGems

Chad Fowler chad at chadfowler.com
Tue Apr 26 18:49:21 EDT 2005


On 26-Apr-05, at 4:22 PM, Paul Duncan wrote:

> Hi Everyone,
>
> Attached is a patch against RubyGems 0.8.10 that adds cryptographic
> signature support to Ruby Gems via OpenSSL.  Attached to this email
> (and included in the patch under doc/) is some fairly detailed and
> (hopefully) straightforward documentation explaining how to adjust your
> security policy, create a gem signing certificate, and sign your own
> gems.
>
> These changes should be backwards compatible (ie, signed gems will work
> properly in older versions of Ruby Gems).
>
> The patch (and PGP signature) are also available online at the 
> following
> URLs:
>
>   http://pablotron.org/files/rubygems-0.8.10-sign.diff.gz
>   http://pablotron.org/files/rubygems-0.8.10-sign.diff.gz.asc
>
> PS. I let Chad know that this patch was coming a couple weeks ago, so 
> if
> it doesn't apply clean for any reason, he's the one to throw rocks at,
> not me! :)
>

Wow, Paul.  This is great.  I haven't had a chance to try it out yet, 
but i read the docs and was very impressed.  Wonderful job documenting, 
too!

Any other RubyGemmers that are more signing-savvy than me want to take 
a look?

Chad



More information about the Rubygems-developers mailing list