hmm. Okay, not design flaw, security flaw. I always
seem to use wrong words. Since I keep calling it a
security problem, it shouldn't be called a design
problem.

People who download shouldn't have to be cautious as
to look at the code. It should be up to someone else.
Similar to what Debian package QA does. --David Ross



--- Chad Fowler <chadfowler / gmail.com> wrote:

> On Fri, 13 Aug 2004 12:50:50 +0900, David Ross
> <drossruby / yahoo.com> wrote:
> > Here's food for thought..
> > 
> > What stops someone who has a registered project on
> > RubyForge to abuse Gems? A constructive criticism in
> > major design flaw. This is why a central repository
> > where there is a QA team is good. They can look at
> > code.
> > 
> 
> This is not a design flaw.  It's an add-on feature for RubyForge.  It
> has nothing to do with design of RubyGems or RubyForge.  RubyGems'
> no-controlled approach is very reminiscent of, say, the way RAA works.
> Or the Web, for that matter.  If you want to inspect a gem before you
> install it, it's very much like any other packaging system:  download
> the gem, unpack it, look through it, see that it's OK, install it.
> The remote repository is a convenience but not at all a necessity.
> For the vast majority, it makes things easier.  For the few that
> aren't comfortable with it, you have an easy option of not using
> auto-installation.
> 
> There's nothing stopping someone from putting a QA'd, controlled
> repository together with RubyGems.  Just not on my priority list.
> Anyone's free to do it if they feel it's valuable, though.
> 
> Chad
> 
> > `rm -rf /` :)
> > 
> > ---------------------------
> > David Ross
> > Phone: 865.539.3798
> > Email: drossruby [at] yahoo.com
> > ---------------------------
> > 
> > 
> > 
> > --- James Britt <jamesUNDERBARb / neurogami.com> wrote:
> > 
> > > Richard Kilmer wrote:
> > >
> > > > Release the file like you would any file (in the Files tab).  RubyForge
> > > > picks them up and puts them in the repo, and they are (within an hour for
> > > > now) available for remote download.
> > >
> > >
> > > Excellent!  Thanks.
> > >
> > >
> > > James
> > > >
> > > > -rich
> > > >
> > > >
> > >
> > >
> > >
> > >
> > 
> >
> 
> 



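
The quoted reply above describes downloading a gem, unpacking it and looking through it before installing. As an added illustration (not part of the original thread and not RubyGems project code), this Ruby script does the unpack-and-look step in memory, assuming the present-day .gem layout (an outer tar holding data.tar.gz); the pattern list, the helper names and the sample gem are constructed for the example.

```ruby
require "rubygems/package"
require "stringio"
require "zlib"
# Heuristic patterns (constructed here); a hit means "read this file first".
SUSPICIOUS = {
  "shell command"  => /\b(?:system|exec|spawn)\s*\(?\s*["']|`[^`]+`|%x[\[({]/,
  "network access" => /\b(?:Net::HTTP|TCPSocket|URI\.open)\b/,
  "dynamic eval"   => /\b(?:eval|instance_eval|class_eval)\b/
}.freeze

# Yield [path, contents] for every regular file in a tar byte string.
def each_tar_file(bytes)
  Gem::Package::TarReader.new(StringIO.new(bytes)).each do |entry|
    yield entry.full_name, entry.read.to_s if entry.file?
  end
end

# Unpack a .gem in memory (nothing is installed or run). Reports extconf.rb
# files, which `gem install` conventionally executes, and SUSPICIOUS lines.
def audit_gem(gem_bytes)
  report = { install_time_code: [], findings: [] }
  each_tar_file(gem_bytes) do |name, body|
    next unless name == "data.tar.gz"
    each_tar_file(Zlib.gunzip(body)) do |path, src|
      report[:install_time_code] << path if File.basename(path) == "extconf.rb"
      src.each_line.with_index(1) do |line, n|
        SUSPICIOUS.each { |label, re| report[:findings] << [path, n, label] if line.match?(re) }
      end
    end
  end
  report
end

# Build a tar byte string from { path => contents }; used for the sample only.
def tar_of(files)
  io = StringIO.new("".b)
  Gem::Package::TarWriter.new(io) do |tar|
    files.each { |path, body| tar.add_file_simple(path, 0o644, body.bytesize) { |f| f.write(body) } }
  end
  io.string
end

# Constructed sample: a harmless library file and an extconf.rb that shells out.
SAMPLE_DATA = tar_of(
  "lib/demo.rb"         => "module Demo\n  VERSION = '0.0.1'\nend\n",
  "ext/demo/extconf.rb" => "require 'mkmf'\nsystem('echo constructed command')\n"
)
SAMPLE_GEM = tar_of("metadata.gz" => Zlib.gzip("--- constructed placeholder\n"),
                    "data.tar.gz" => Zlib.gzip(SAMPLE_DATA))
```

To check a real package, pass `File.binread` of a downloaded .gem file to `audit_gem` and read every file it lists before running the install.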