On Wed, 21 Dec 2005 15:28:33 -0000, Austin Ziegler <halostatue / gmail.com>  
wrote:

> On 17/12/05, Ross Bamford <rosco / roscopeco.remove.co.uk> wrote:
>> Is there any chance it could be made slightly more general? Like:
>>
>>         http://rubyforge.org/tracker/index.php?func=detail&aid=2890&group_id=126&atid=578
>>
>> so you could 'puts' any message you liked, and also do additional
>> installation (e.g. manpages) or processing (e.g. populate a database  
>> from
>> the net).
>
> I would suggest that the feature be set up as follows:
>
>   * Any gem may display a message.
>   * Signed gems may execute extra commands, but only after asking the  
> user.
>
> The user should ultimately be able to identify authors that are
> trusted so that trusted signed gems may execute extra stuff without
> asking the user.
>

That seems sensible. It would certainly be a nice feature to have (for me,  
anyway), but since I guess most gem installs run as root it's definitely a  
good point that it has to be trustworthy. :)

I guess it could have a similar keystore functionality to RPM or similar,  
grab key and install with gem install-key or something. Nothing too  
fancy...

-- 
Ross Bamford - rosco / roscopeco.remove.co.uk