Mailinglist Archive: opensuse-ruby (10 mails)

Re: [opensuse-ruby] The case against using RubyGems.org in production
On 07/01/2013 02:05 PM, Jordi Massaguer Pla wrote:
> On 07/01/2013 01:45 PM, Lukas Ocilka wrote:
>> Webyast uses brakeman for periodical checking for possible
>> vulnerabilities and there are other tools out there. We could
>> incorporate brakeman into the build process of rubygem-* RPMs and forbid
>> using gems directly. Or we could monitor upstream projects in use. Still
>> not a bullet-proof way but might be better than nothing.
>
> What do you mean by "forbid using gems directly"?

By creating an internal policy, let's call it a strict recommendation.

> What do you mean by "monitor upstream projects"? Running brakeman on github
> projects?

Yes, that's what I meant.

Lukas

--

Lukas Ocilka, Cloud & Systems Management Department
SUSE LINUX s.r.o., Praha
--
To unsubscribe, e-mail: opensuse-ruby+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-ruby+owner@xxxxxxxxxxxx
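One way the "brakeman in the build process" idea from the thread above could be wired up, as an added example that is not from the list or from the Webyast/openSUSE projects: a small Ruby gate that reads the JSON report brakeman writes with `brakeman -f json`, selects warnings whose `confidence` level is in a policy list, and returns pass/fail so an RPM `%check` step or a scheduled scan of an upstream checkout can stop on findings. The policy constant, the sample report and the file paths in it are constructed here for illustration; the report field names (`warnings`, `confidence`, `warning_type`, `file`, `line`, `message`) follow brakeman's JSON layout.

```ruby
require 'json'

# Policy: brakeman confidence levels that should fail the build.
# Hypothetical policy value; "Weak" findings are reported but not blocking.
FAIL_ON_CONFIDENCE = %w[High Medium].freeze

# Parse a brakeman JSON report (output of `brakeman -f json`) and return
# the warnings whose confidence is in the blocking list.
def blocking_warnings(report_json, fail_on: FAIL_ON_CONFIDENCE)
  report = JSON.parse(report_json)
  warnings = report.fetch('warnings', [])
  warnings.select { |w| fail_on.include?(w['confidence']) }
end

# One log line per blocking warning, for the build output.
def format_warning(w)
  "#{w['confidence']}: #{w['warning_type']} in #{w['file']}:#{w['line']} - #{w['message']}"
end

# Build outcome: true when nothing blocks, false when the policy is violated.
def gate(report_json, fail_on: FAIL_ON_CONFIDENCE)
  blocking_warnings(report_json, fail_on: fail_on).empty?
end

# Constructed sample report in brakeman's JSON layout (not real scan output;
# the app path, version string and file names are made up).
SAMPLE_REPORT = <<~JSON
  {
    "scan_info": {"app_path": "/tmp/example-app", "brakeman_version": "x.y.z"},
    "warnings": [
      {"warning_type": "SQL Injection", "confidence": "High",
       "file": "app/models/user.rb", "line": 12,
       "message": "Possible SQL injection"},
      {"warning_type": "Mass Assignment", "confidence": "Weak",
       "file": "app/controllers/users_controller.rb", "line": 30,
       "message": "Parameters should be whitelisted"}
    ],
    "errors": []
  }
JSON

# Command-line use: `ruby brakeman_gate.rb report.json` exits non-zero when
# the policy is violated, so a %check section or a cron job can fail on it.
unless ARGV.empty?
  blocking = blocking_warnings(File.read(ARGV[0]))
  blocking.each { |w| warn format_warning(w) }
  exit(blocking.empty? ? 0 : 1)
end
```

With the sample report the gate fails (one High SQL Injection warning) while the Weak finding is only listed; tightening `FAIL_ON_CONFIDENCE` to include `Weak` would make the policy stricter, and the same script applies unchanged whether the report comes from a gem unpacked during an RPM build or from a periodic scan of an upstream checkout.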
