Y
Hacker News
new
|
ask
|
show
|
jobs
by
jshawl
1460 days ago
FWIW signed packages are available out of the box with rubygems: <
http://docs.seattlerb.org/rubygems/Gem/Security.html
>
1 comments
jacques_chester
1460 days ago
Yes, but rarely used -- it's clunky. When I scraped the top 10k gems, < 1% had valid and up-to-date signatures.
link
jupp0r
1458 days ago
Notably, signatures are not checked by bundler when installing gems.
link