On Jan 14, 2007, at 10:50 AM, Tom Copeland wrote:

> On Sun, 2007-01-14 at 13:20 -0500, Tom Copeland wrote:
>> On Mon, 2007-01-15 at 00:56 +0900, SonOfLilit wrote:
>>> So if I have a RubyForge account I can upload a modified gem, of,  
>>> say,
>>> Rails, with a backdoor, and unknowing ruby users will  
>>> accidentally install
>>> it and open a backdoor in production rails servers?
>>
>> We built various checks into the gem index builder on RubyForge
>> to prevent overlapping gems from being deployed.  Perhaps there are
>> holes in these checks, and if so, we'll fix them.
>
> Also, it seemed prudent to not deploy any more gems until we get this
> sorted out.  So I've commented out the cron job that does that.
>
> Yours,
>
> Tom


Hey Tom-

	I was just wondering when you were going to start pushing gems out  
again? I released a gem yesterday morning and it still hasn't  
propagated yet.

Thanks-

-- Ezra Zygmuntowicz 
-- Lead Rails Evangelist
-- ez / engineyard.com
-- Engine Yard, Serious Rails Hosting
-- (866) 518-YARD (9273)