--SSjFkhywpXnVG+rz
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Austin Ziegler (halostatue / gmail.com) wrote:
> On 17/12/05, Ross Bamford <rosco / roscopeco.remove.co.uk> wrote:
> > Is there any chance it could be made slightly more general? Like:
> >
> >         http://rubyforge.org/tracker/index.php?func=3Ddetail&aid=3D2890=
&group_id=3D126&atid=3D578
> >
> > so you could 'puts' any message you liked, and also do additional
> > installation (e.g. manpages) or processing (e.g. populate a database fr=
om
> > the net).
>=20
> I would suggest that the feature be set up as follows:
>=20
>   * Any gem may display a message.
>   * Signed gems may execute extra commands, but only after asking the use=
r.
>=20
> The user should ultimately be able to identify authors that are
> trusted so that trusted signed gems may execute extra stuff without
> asking the user.

The Gem signing code has a rudimentary security policy framework
(Gem::Security::Policy) which could be extended to support this
behavior.  =20

> -austin
> --
> Austin Ziegler * halostatue / gmail.com
>                * Alternate: austin / halostatue.ca

--=20
Paul Duncan <pabs / pablotron.org>        pabs in #ruby-lang (OPN IRC)
http://www.pablotron.org/               OpenPGP Key ID: 0x82C29562

--SSjFkhywpXnVG+rz
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFDqYxDzdlT34LClWIRAraHAKDG1qpR5v7y6yxk12yPKXyaQRYc5ACgpNNa
4OMnVRI7YQk61Do3qOMdm1k=
=OOC8
-----END PGP SIGNATURE-----

--SSjFkhywpXnVG+rz--