[Rubygems-developers] [PATCH] Add Gem Signing Support to RubyGems
pabs at pablotron.org
Tue Apr 26 19:02:37 EDT 2005
* Chad Fowler (chad at chadfowler.com) wrote:
> On 26-Apr-05, at 4:22 PM, Paul Duncan wrote:
> >Hi Everyone,
> >Attached is a patch against RubyGems 0.8.10 that adds cryptographic
> >signature support to Ruby Gems via OpenSSL. Attached to this email
> >(and included in the patch under doc/) is some fairly detailed and
> >(hopefully) straightforward documentation explaining how to adjust your
> >security policy, create a gem signing certificate, and sign your own
> >These changes should be backwards compatible (ie, signed gems will work
> >properly in older versions of Ruby Gems).
> >The patch (and PGP signature) are also available online at the
> > http://pablotron.org/files/rubygems-0.8.10-sign.diff.gz
> > http://pablotron.org/files/rubygems-0.8.10-sign.diff.gz.asc
> >PS. I let Chad know that this patch was coming a couple weeks ago, so
> >it doesn't apply clean for any reason, he's the one to throw rocks at,
> >not me! :)
> Wow, Paul. This is great. I haven't had a chance to try it out yet,
> but i read the docs and was very impressed. Wonderful job documenting,
You're just worried about the rocks at the end of the message! But
thanks either way :).
> Any other RubyGemmers that are more signing-savvy than me want to take
> a look?
Paul Duncan <pabs at pablotron.org> OpenPGP Key ID: 0x82C29562
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://rubyforge.org/pipermail/rubygems-developers/attachments/20050426/c88caf2c/attachment.bin
More information about the Rubygems-developers