On Sun, 2007-01-14 at 13:20 -0500, Tom Copeland wrote:
> On Mon, 2007-01-15 at 00:56 +0900, SonOfLilit wrote:
> > So if I have a RubyForge account I can upload a modified gem, of, say,
> > Rails, with a backdoor, and unknowing ruby users will accidentally install
> > it and open a backdoor in production rails servers?
>
> We built various checks into the gem index builder on RubyForge
> to prevent overlapping gems from being deployed. Perhaps there are
> holes in these checks, and if so, we'll fix them.

Also, it seemed prudent to not deploy any more gems until we get this
sorted out. So I've commented out the cron job that does that.

Yours,

Tom