Mailinglist Archive: opensuse-ruby (3 mails)

< Previous Next >
Re: [opensuse-ruby] new wiki page for Ruby gem packaging strategies
On Thu, 31 Jan 2013 18:57:34 +0100
Jordi Massaguer Pla <jmassaguerpla@xxxxxxx> wrote:

Quoting Josef Reidinger <jreidinger@xxxxxxx>:

On Thu, 31 Jan 2013 17:41:15 +0100
Cornelius Schumacher <cschum@xxxxxxx> wrote:

On Thursday 31 January 2013 15:13:12 Stephan Kulow wrote:

Using bundler/gem just dropped from that list:

http://blog.newrelic.com/2013/01/30/new-relic-and-rubygems-security/

How is this related to the question how gems are packaged? In the
end they are all coming from rubygems in any case.


Well, there is one big difference.
We control it. So e.g. if OBS is extended to provide also difs for
gems, you can review changes from last submit and review it. If you
use directly rubygems.org, then you depend on external service,
where is no guaranty and as last case show no review.
Of course own gem server is different case, but there is other
problems like that we must maintain it. It must be public so also
we must secure it etc.

"must be public" ?? I do not see why.

Well, maybe my fault. I think that this disqualify solution that zypper
can work with rubygems. Because in this case all customer should be
able to download from rubygems org or from our gemserver. It is also
valid for any solution that do not pack all required gems during build
on internal server ( because OBS is in public network, so only IBS can
do it ).
Josef



Josef
--
To unsubscribe, e-mail: opensuse-ruby+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-ruby+owner@xxxxxxxxxxxx





--
To unsubscribe, e-mail: opensuse-ruby+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-ruby+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups