Hello from the TUF team
Trishank Karthik Kuppusamy
tk47 at students.poly.edu
Fri Feb 15 08:39:53 UTC 2013
We hear from Donald Stufft at the Python Catalog-SIG mailing list that
you are interested in securing rubygems.

We are The Update Framework (TUF) project
[https://www.updateframework.com/], and we would like to help Ruby and
Python folks to help secure their package managers.

TUF is a framework designed by computer scientists from NYU-Poly,
University of Washington and the Tor project to help solve some of the
more common problems with securing software updaters.

Here are some papers we wrote on the subject:

What we would like to do is to help the rubygems community to understand
how you may use TUF to secure your package manager with security
designed carefully and intrinsically, so that you do not have to worry
about the most common security issues.

Donald, havenwood and raggi introduced us to the Rubygems Trust Model
document [http://goo.gl/ybFIO], and we will comment on it as soon as we
find the time. In fact, we are going to have a TUF hackathon here in a
few hours, and we hope to make more progress on these matters soon enough.

Please feel free to reach out to us with your questions!