[Rubygems-developers] gem problem

Daniel Berger djberg96 at gmail.com
Wed Apr 1 03:32:19 EDT 2009


Chad Woolley wrote:
> On Tue, Mar 31, 2009 at 8:10 PM, Eric Hodel <drbrain at segment7.net> wrote:
>> It seems that there was a bogus github gem floating around, mojombo-grit.
>>  It was adding directories to the file list...  I'm investigating it.
> 
> Hmm:  http://github.com/mojombo/grit/commit/4ac4acab7fd9c7fd4c0e0f4ff5794b0347baecde
> 
> What I'm wondering is - how easy would it be to do this maliciously
> and with greater effect, if this minor snafu caused problems.
> 
> How's that circle of trust thing coming?

If it comes to it we'll start requiring gem signatures. :)

Dan



More information about the Rubygems-developers mailing list