Mailinglist Archive: opensuse-ruby (10 mails)

Re: [opensuse-ruby] The case against using RubyGems.org in production
  • From: Lukas Ocilka <lukas.ocilka@xxxxxxxx>
  • Date: Tue, 02 Jul 2013 12:39:23 +0200
  • Message-id: <51D2ADDB.90407@suse.com>
On 07/01/2013 02:12 PM, Stephan Kulow wrote:
> On 01.07.2013 13:45, Lukas Ocilka wrote:
>> Webyast uses brakeman for periodical checking for possible
>> vulnerabilities and there are other tools out there. We could
>> incorporate brakeman into the build process of rubygem-* RPMs and forbid
>> using gems directly. Or we could monitor upstream projects in use. Still
>> not a bullet-proof way but might be better than nothing.
>
> I doubt brakeman would highlight anything described in the blog

Well, you might be right. We haven't tried that yet. Neither with brakeman nor with any other (security) scanner.

Lukas

--

Lukas Ocilka, Cloud & Systems Management Department
SUSE LINUX s.r.o., Praha