RubyFlow The Ruby and Rails community linklog

×

The Ruby and Rails community linklog

Made a library? Written a blog post? Found a useful tutorial? Share it with the Ruby community here or just enjoy what everyone else has found!

Serving ruby gems, the paranoid way

As I wrote in a previous blog post, there are good reasons to be paranoid with Ruby gems: they may have been hacked and “enhanced” with malicious code. It would be great if we could check every gem that we want to install, including their dependencies. You may think “this is not practical at all”, and you are probably right. But still, I wanted to give this idea a try and learn about the challenges that people will face if they want to review their gems before installation. Read More

Post a comment

You can use basic HTML markup (e.g. <a>) or Markdown.

As you are not logged in, you will be
directed via GitHub to signup or sign in