Remember, 'signing gems' is a panacea.
-
-
Replying to @steveklabnik
@steveklabnik Right, you could sign a malicious gem. At least you'd know who made it?2 replies 0 retweets 0 likes -
Replying to @seancribbs
@seancribbs not just that, but the current state of gem signing is pretty poor. For good reasons.2 replies 0 retweets 0 likes -
Replying to @steveklabnik
@steveklabnik@seancribbs I remember looking into signing before speaking on gems at RubyC - never got the impression it was helpful.1 reply 0 retweets 0 likes -
Replying to @pat
@pat@seancribbs it is as helpful as a SHA1 of the contents.2 replies 0 retweets 0 likes -
Replying to @steveklabnik
@steveklabnik@pat Yes, you need identity verification as well as integrity. Even that may not be enough /cc@bascule1 reply 0 retweets 0 likes -
Replying to @seancribbs
@seancribbs@pat@bascule yepp. And we can do it, it just takes work!2 replies 0 retweets 0 likes -
Replying to @steveklabnik2 replies 0 retweets 0 likes
-
Replying to @bascule
@bascule@steveklabnik@seancribbs and I do love the ease of publishing gems since the shift to gemcutter. Not a fan of dropping that.1 reply 0 retweets 0 likes
@pat @steveklabnik @seancribbs yeah I'm trying to come up with a system that preserves the nice UX of gems today. That's my main argument
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.