[Rubygems-developers] Executing code after installing gem
Daniel.Berger at qwest.com
Tue Nov 25 11:34:00 EST 2008
> -----Original Message-----
> From: rubygems-developers-bounces at rubyforge.org
> [mailto:rubygems-developers-bounces at rubyforge.org] On Behalf
> Of Charlie Savage
> Sent: Tuesday, November 25, 2008 9:29 AM
> To: rubygems-developers at rubyforge.org
> Subject: Re: [Rubygems-developers] Executing code after installing gem
> > RubyGems is not designed for arbitrary code execution,
> which will be a
> > security concern.
> Except it already does by letting a developer specify a
> Rakefile in spec.extensions. That's how I hacked around
> RubyGems to correctly install dependent dlls into the lib directory.
> Not to mention the fact that once I have my gem installed, it
> can pretty much do what it wants.
Maybe we should provide a builtin hook for a post installation task on
the condition that the gem is signed?
Just a thought.
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the Rubygems-developers