[ANN] Initial implementation of The Update Framework (TUF) for RubyGems

Tony Arcieri bascule at gmail.com
Fri Nov 22 22:33:07 UTC 2013

Hello there everyone!

Here at Square we've been doing a Hack Week project to improve the security
of RubyGems. We have been basing our efforts off a software update
framework called The Update Framework (TUF) which is based off work done to
secure the update system used by Tor:


We've been working with the TUF team, who is already doing similar work to
secure Python's PyPI in addition to creating a prototype implementation for
RubyGems. You can read about their PyPI work here:


We've opened a PR against RubyGems with our initial client-side work. A PR
against RubyGems.org/Gemcutter with the server-side work is forthcoming.
You can view the initial PR here:


We also have a mailing list specific to this project if you're interested
in contributing:


Tony Arcieri

More information about the RubyGems-Developers mailing list