[Rubygems-developers] [PATCH] Add Gem Signing Support to RubyGems

Paul Duncan pabs at pablotron.org
Tue Apr 26 19:02:37 EDT 2005


* Chad Fowler (chad at chadfowler.com) wrote:
> 
> On 26-Apr-05, at 4:22 PM, Paul Duncan wrote:
> 
> >Hi Everyone,
> >
> >Attached is a patch against RubyGems 0.8.10 that adds cryptographic
> >signature support to Ruby Gems via OpenSSL.  Attached to this email
> >(and included in the patch under doc/) is some fairly detailed and
> >(hopefully) straightforward documentation explaining how to adjust your
> >security policy, create a gem signing certificate, and sign your own
> >gems.
> >
> >These changes should be backwards compatible (ie, signed gems will work
> >properly in older versions of Ruby Gems).
> >
> >The patch (and PGP signature) are also available online at the 
> >following
> >URLs:
> >
> >  http://pablotron.org/files/rubygems-0.8.10-sign.diff.gz
> >  http://pablotron.org/files/rubygems-0.8.10-sign.diff.gz.asc
> >
> >PS. I let Chad know that this patch was coming a couple weeks ago, so 
> >if
> >it doesn't apply clean for any reason, he's the one to throw rocks at,
> >not me! :)
> >
> 
> Wow, Paul.  This is great.  I haven't had a chance to try it out yet, 
> but i read the docs and was very impressed.  Wonderful job documenting, 
> too!

You're just worried about the rocks at the end of the message!  But
thanks either way :).

> Any other RubyGemmers that are more signing-savvy than me want to take 
> a look?
> 
> Chad

-- 
Paul Duncan <pabs at pablotron.org>        OpenPGP Key ID: 0x82C29562
http://www.pablotron.org/               http://www.paulduncan.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://rubyforge.org/pipermail/rubygems-developers/attachments/20050426/c88caf2c/attachment.bin


More information about the Rubygems-developers mailing list