Should we remove your rubyforge account now?

If someone does that, it's traced to their project, and their identity.  What
stops someone from putting `rm -rf /` in ANY Ruby library?  Have you read
every line of every Ruby library and C extension in Ruby to verify that
those commands are not present?  Does a packager check every line of C code
in a native extension to make sure that those lines are not present?  There
is a point where trust is assumed...the question is at what point.  Not
saying that QA is bad, just that autonomy is not bad either...it scales
really well.

-rich


On 8/12/04 11:50 PM, "David Ross" <drossruby / yahoo.com> wrote:

> Here's food for thought..
> 
> What stops someone who has a registered project on
> RubyForge to abuse Gems? A constructive criticism in
> major design flaw. This is why a central repository
> where there is a QA team is good. They can look at
> code.
> 
> `rm -rf /` :)
> 
> ---------------------------
> David Ross
> Phone: 865.539.3798
> Email: drossruby [at] yahoo.com
> ---------------------------
> 
> --- James Britt <jamesUNDERBARb / neurogami.com> wrote:
> 
>> Richard Kilmer wrote:
>> 
>>> Release the file like you would any file (in the Files tab).  RubyForge
>>> picks them up and puts them in the repo, and they are (within an hour for
>>> now) available for remote download.
>> 
>> 
>> Excellent!  Thanks.
>> 
>> 
>> James
>>> 
>>> -rich