Right and the way to address this is to have a public/private encryption key
pair that signs the stored RubyGem/code a la Java Jar signing.

-Rich

> -----Original Message-----
> From: Dan Sugalski [mailto:dan / sidhe.org]
> Sent: Sunday, January 06, 2002 9:38 PM
> To: ruby-talk ML
> Subject: [ruby-talk:30401] Re: snippet exchange (was: Re: Re: chomp for
> arrays?)
>
>
> At 06:31 AM 1/7/2002 +0900, Mark Hahn wrote:
>
> >A daydream of mine is a "super-require" that if the file was not
> found, the
> >loader would go to a central place on the web and load it (sort of like
> >marimba).  I don't tend to use other people's modules just
> because I'm too
> >lazy to find and install them.
>
> That's a rather dangerous thing to implement. There are an awful lot of
> security issues there...
>
> 					Dan
>
> --------------------------------------"it's like this"-------------------
> Dan Sugalski                          even samurai
> dan / sidhe.org                         have teddy bears and even
>                                       teddy bears get drunk
>
>