[Rubygems-developers] gem problem
Berger, Daniel
Daniel.Berger at qwest.com
Wed Apr 1 17:42:28 EDT 2009
> -----Original Message-----
> From: rubygems-developers-bounces at rubyforge.org
> [mailto:rubygems-developers-bounces at rubyforge.org] On Behalf
> Of Eric Hodel
> Sent: Wednesday, April 01, 2009 2:50 PM
> To: rubygems-developers at rubyforge.org
> Subject: Re: [Rubygems-developers] gem problem
>
>
> On Mar 31, 2009, at 22:13, Chad Woolley wrote:
>
> > On Tue, Mar 31, 2009 at 8:10 PM, Eric Hodel <drbrain at segment7.net>
> > wrote:
> >> It seems that there was a bogus github gem floating around,
> >> mojombo-grit. It was adding directories to the file list... I'm
> >> investigating it.
> >
> > Hmm:
> >
> > http://github.com/mojombo/grit/commit/4ac4acab7fd9c7fd4c0e0f4ff5794b0347baecde
> >
> > What I'm wondering is - how easy would it be to do this maliciously
> > and with greater effect, if this minor snafu caused problems.
>
> No matter how much I try to idiot proof things...
>
> One of the bigger problems in packaging gems is people who
> use glob or regexp to find files instead of a manifest file.
We could consider mandating that any files in the gem must also exist in a manifest file and/or capping the file limit. Just a thought.
Dan
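
An added example, not part of the original message and not RubyGems code: a Ruby check along the lines suggested above, comparing a globbed file list against a manifest, rejecting directory entries, and capping the file count. The names check_gem_files, demo and max_files, and the sample tree, are assumptions made for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical pre-packaging check (not RubyGems' own code): compare the
# file list a gemspec would ship against a manifest, reject entries that
# are directories, and enforce a cap on the number of files.
def check_gem_files(files, manifest, root:, max_files: 1000)
  problems = []
  # Manifest: one relative path per line; blank lines and # comments ignored.
  listed = manifest.map(&:strip).reject { |l| l.empty? || l.start_with?("#") }

  if files.size > max_files
    problems << "file count #{files.size} exceeds cap #{max_files}"
  end

  files.each do |path|
    full = File.join(root, path)
    if File.directory?(full)
      problems << "directory in file list: #{path}"
    elsif !File.file?(full)
      problems << "missing on disk: #{path}"
    elsif !listed.include?(path)
      problems << "not in manifest: #{path}"
    end
  end

  (listed - files).each { |p| problems << "in manifest but not packaged: #{p}" }
  problems
end

# Constructed sample tree: a recursive glob returns the directory
# lib/example next to the files and also picks up a stray scratch file.
def demo
  Dir.mktmpdir do |root|
    FileUtils.mkdir_p(File.join(root, "lib/example"))
    %w[lib/example.rb lib/example/repo.rb lib/example/scratch.tmp].each do |f|
      File.write(File.join(root, f), "")
    end
    globbed = Dir.glob("lib/**/*", base: root).sort
    manifest = ["# Manifest (constructed)", "lib/example.rb", "lib/example/repo.rb"]
    check_gem_files(globbed, manifest, root: root, max_files: 3)
  end
end

puts demo if $PROGRAM_NAME == __FILE__
```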