[Rubygems-developers] gem problem

Luis Lavena luislavena at gmail.com
Wed Apr 1 08:15:44 EDT 2009

On Wed, Apr 1, 2009 at 7:33 AM, James Tucker <jftucker at gmail.com> wrote:
> On 1 Apr 2009, at 06:13, Chad Woolley wrote:
>> On Tue, Mar 31, 2009 at 8:10 PM, Eric Hodel <drbrain at segment7.net> wrote:
>>> It seems that there was a bogus github gem floating around, mojombo-grit.
>>>  It was adding directories to the file list...  I'm investigating it.
>> Hmm:
>>  http://github.com/mojombo/grit/commit/4ac4acab7fd9c7fd4c0e0f4ff5794b0347baecde
>> What I'm wondering is - how easy would it be to do this maliciously
>> and with greater effect, if this minor snafu caused problems.
> Create a github user called ruby, now you can easily replace any of the
> ruby- projects with new counterparts from the github gem server, for a great
> many users.
> 1 of many

Well, that has already been blocked by GitHub: ruby, net,
win32, and others I believe.

Anyhow, gems should be tested before being made available to the indexer,
so that's something GitHub should be poked about.
Luis Lavena
Perfection in design is achieved not when there is nothing more to add,
but rather when there is nothing more to take away.
Antoine de Saint-Exupéry
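
A sketch of the kind of pre-index test the message asks for, added here as an example; it is not code from the thread, from RubyGems or from GitHub. It rejects a file list that contains directories (the mojombo-grit problem) and an owner on a reserved list, and goes slightly beyond the thread by also flagging missing and root-escaping entries. `preindex_problems`, `RESERVED_OWNERS`, the `ruby-example` name and the sample tree are hypothetical.

```ruby
require "tmpdir"
require "fileutils"
require "pathname"

# Owner names the message says GitHub had blocked; a real list would be longer (assumption).
RESERVED_OWNERS = %w[ruby net win32].freeze

# Hypothetical pre-index check. The gem server names gems "owner-project";
# files is the spec's file list, root is the unpacked gem directory.
def preindex_problems(owner, project, files, root)
  problems = []
  if RESERVED_OWNERS.include?(owner.downcase)
    problems << "reserved owner: #{owner} would publish #{owner}-#{project}"
  end
  base = Pathname.new(root).realpath
  files.each do |entry|
    path = Pathname.new(entry)
    # Reject anything that could resolve outside the gem's own tree.
    if path.absolute? || path.each_filename.include?("..")
      problems << "escapes gem root: #{entry}"
      next
    end
    full = base + path
    if !full.exist?
      problems << "missing: #{entry}"
    elsif full.directory?
      problems << "directory in file list: #{entry}"
    elsif !full.file?
      problems << "not a regular file: #{entry}"
    end
  end
  problems
end

# Constructed sample tree and file lists, built in a temporary directory.
def demo
  Dir.mktmpdir do |root|
    FileUtils.mkdir_p(File.join(root, "lib", "grit"))
    File.write(File.join(root, "lib", "grit.rb"), "module Grit; end\n")
    good = preindex_problems("mojombo", "grit", ["lib/grit.rb"], root)
    bad = preindex_problems("ruby", "example",
                            ["lib", "lib/grit", "lib/grit.rb", "../x", "gone.rb"], root)
    [good, bad]
  end
end

if __FILE__ == $PROGRAM_NAME
  good, bad = demo
  puts "clean spec: #{good.inspect}"
  bad.each { |problem| puts "rejected: #{problem}" }
end
```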
