OK...so you want to bet I can write malicious Ruby code that a QA person
would not find?  I mean really, QA is fine, 'this appears to work well...no
obvious flaws' but it is NOT security.  It quite silly to equate the two.

That is, unless the QA team wants to _legally guarantee_ the code they are
approving...now that is quite another matter entirely ;-)

-rich

On 8/13/04 12:31 AM, "David Ross" <drossruby / yahoo.com> wrote:

> Okay, right now he has accomplished pretty much
> everything he needs to do to start attacking. He
> releases a gem. It gets copied over without being
> looked at by a QA team. Ok, fine.