On 1/14/07, SonOfLilit <sonoflilit / gmail.com> wrote:
> So if I have a RubyForge account I can upload a modified gem, of, say,
> Rails, with a backdoor, and unknowing Ruby users will accidentally install
> it and open a backdoor in production Rails servers?

I think if security is an issue, you should not download directly from
RubyForge via gems, but set up an audited gem server locally.  (Or
download the files and gem install them locally.)

Of course, this does not mean that such a problem isn't seriously disruptive.
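
One way to build the audited local gem source suggested in the reply above, shown as an added example that is not part of the original message: only .gem files whose SHA-256 matches a reviewer-maintained manifest are copied into the directory the local server serves. The manifest format (sha256sum style), the directory layout and the function names are assumptions made for the illustration, and the .gem files in the demo are constructed placeholder bytes.

```ruby
require "digest"
require "fileutils"
require "tmpdir"

# Parse an audit manifest: one "<sha256>  <filename>" per line (assumed format).
def load_manifest(text)
  text.each_line.with_object({}) do |line, pins|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    digest, name = line.split(/\s+/, 2)
    raise ArgumentError, "bad manifest line: #{line}" unless digest =~ /\A\h{64}\z/ && name
    pins[name] = digest.downcase
  end
end

# Copy only gems whose digest matches the audited pin into serve_dir/gems.
def stage_audited_gems(incoming_dir, serve_dir, pins)
  FileUtils.mkdir_p(File.join(serve_dir, "gems"))
  result = { staged: [], rejected: {} }
  Dir.glob(File.join(incoming_dir, "*.gem")).sort.each do |path|
    name = File.basename(path)
    actual = Digest::SHA256.file(path).hexdigest
    if !pins.key?(name)
      result[:rejected][name] = :not_audited      # nobody reviewed this file
    elsif pins[name] != actual
      result[:rejected][name] = :digest_mismatch  # bytes differ from the reviewed copy
    else
      FileUtils.cp(path, File.join(serve_dir, "gems", name))
      result[:staged] << name
    end
  end
  result
end

# Constructed demo: placeholder files standing in for downloaded gems.
def demo
  Dir.mktmpdir do |dir|
    incoming, serve = File.join(dir, "incoming"), File.join(dir, "serve")
    FileUtils.mkdir_p(incoming)
    File.binwrite(File.join(incoming, "good-1.0.0.gem"), "audited bytes")
    File.binwrite(File.join(incoming, "tampered-1.0.0.gem"), "modified bytes")
    File.binwrite(File.join(incoming, "unknown-1.0.0.gem"), "never reviewed")
    manifest = <<~M
      #{Digest::SHA256.hexdigest("audited bytes")}  good-1.0.0.gem
      #{Digest::SHA256.hexdigest("original bytes")}  tampered-1.0.0.gem
    M
    stage_audited_gems(incoming, serve, load_manifest(manifest))
  end
end
```

Calling `demo` returns which files were staged and which were rejected. The staged directory can then be indexed with `gem generate_index` and used as the only source for `gem install --source`.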