@bascule I'm working on Coinpunk, what's your advice on protecting against code injection via Rubygems ATM? `bundle package` and pray?
@kyledrake and yeah, when you ship a release, ship it with gems bundled from your server (hopefully). JRuby/Warbler makes that easier
@bascule I will look into that. Thank you!
@kyledrake with Java you should also be able to sign your releases since signing JARs is actually a thing :O
@bascule It would be nice to make a self-executable MRI package I could sign too. I guess I could make Coinpunk into a big gem and sign that
@kyledrake maybe talk to @mitchellh? I'm sure he has similar concerns around Vagrant
@bascule @kyledrake I do make MSIs and I also sign them: http://downloads.vagrantup.com (same with OS X pkgs). It sucks to do though.