But to answer your question, yes there is a system for signing gems, though it's not widely used: https://guides.rubygems.org/security/