Initial TUF integration with RubyGems

Tony Arcieri bascule at gmail.com
Wed Nov 20 19:04:59 UTC 2013


Hi there! The team here at Square has some code for you to look at if you'd
like to perform some initial review.

We're committing to the "tuf" branch on the Square fork of RubyGems and
RubyGems.org:

https://github.com/square/rubygems/commits/tuf
https://github.com/square/rubygems.org/commits/tuf

So far the server contains the main code spike, including the code
necessary to generate TUF metadata and download and verify a gem.

You can find the client here:

https://github.com/square/rubygems.org/blob/tuf/script/fetch-me-a-gem-with-tuf

We'll be moving this code into the RubyGems client, which is a bit tricky
as we can only depend on the standard library and still need to work on
ancient versions of Ruby that don't even ship a JSON parser.

-- 
Tony Arcieri


More information about the RubyGems-Developers mailing list