[Rubygems-developers] gem problem

James Tucker jftucker at gmail.com
Wed Apr 1 06:33:36 EDT 2009


On 1 Apr 2009, at 06:13, Chad Woolley wrote:

> On Tue, Mar 31, 2009 at 8:10 PM, Eric Hodel <drbrain at segment7.net> wrote:
>> It seems that there was a bogus github gem floating around, mojombo-grit.
>> It was adding directories to the file list...  I'm investigating it.
>
> Hmm:  http://github.com/mojombo/grit/commit/4ac4acab7fd9c7fd4c0e0f4ff5794b0347baecde
>
> What I'm wondering is - how easy would it be to do this maliciously
> and with greater effect, if this minor snafu caused problems.

Create a github user called ruby, now you can easily replace any of  
the ruby- projects with new counterparts from the github gem server,  
for a great many users.

1 of many

>
> How's that circle of trust thing coming?
>
> -- Chad


