Quoting Josef Reidinger
On Thu, 31 Jan 2013 17:41:15 +0100 Cornelius Schumacher wrote:
On Thursday 31 January 2013 15:13:12 Stephan Kulow wrote:
Using bundler/gem just dropped from that list:
http://blog.newrelic.com/2013/01/30/new-relic-and-rubygems-security/
How is this related to the question how gems are packaged? In the end they are all coming from rubygems in any case.
Well, there is one big difference. We control it. So, e.g., if OBS is extended to also provide diffs for
"if it were extended" ....
gems, you can review changes from the last submit and review it. If you use rubygems.org directly, then you depend on an external service, where there is no guarantee and, as the last case shows, no review. Of course, our own gem server is a different case, but there are other problems, like that we must maintain it. It must be public, so we must also secure it, etc.
Josef
--
To unsubscribe, e-mail: opensuse-ruby+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-ruby+owner@opensuse.org