Hello from the TUF team

Trishank Karthik Kuppusamy tk47 at students.poly.edu
Fri Feb 15 08:39:53 UTC 2013

Hello rubygems,

We hear from Donald Stufft at the Python Catalog-SIG mailing list that 
you are interested in securing rubygems.

We are The Update Framework (TUF) project 
[https://www.updateframework.com/], and we would like to help Ruby and 
Python folks to help secure their package managers.

TUF is a framework designed by computer scientists from NYU-Poly, 
University of Washington and the Tor project to help solve some of the 
more common problems with securing software updaters.

Here are some papers we wrote on the subject:


What we would like to do is to help the rubygems community to understand 
how you may use TUF to secure your package manager with security 
designed carefully and intrinsically, so that you do not have to worry 
about the most common security issues.

Donald, havenwood and raggi introduced us to the Rubygems Trust Model 
document [http://goo.gl/ybFIO], and we will comment on it as soon as we 
find the time. In fact, we are going to have a TUF hackathon here in a 
few hours, and we hope to make more progress on these matters soon enough.

Please feel free to reach out to us with your questions!

