Hacker News

It has code signing. It's just optional, inconvenient, and so unused because of the Tragedy of the Commons and complacency. https://guides.rubygems.org/security/

https://www.benjaminfleischer.com/2013/11/08/how-to-sign-you...



As I said, it's as good as no code signing. The very lack of a chain of trust stemming from rubygems that can be used to verify gem authenticity makes the whole thing useless.



