So the ruby community is going to attempt to run it's own vulnerability tracker and CA. This ought to end well.
@rich0H do you think it really makes sense for gpg to be a hard dependency of rubygems? Ruby isn't a Linux distro
-
-
@bascule If you don't want to install GPG then just ignore the signatures and have no less security than you have right now? -
@rich0H OpenSSL is already in the Ruby standard library and RubyGems already supports X.509 certificates. Why switch to GPG? -
@bascule Too long for tweets. Where do you IRC? -
@rich0H#rubygems-trust is where this is being discussed. See also: https://github.com/rubygems-trust
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.