Asp Forum
Home
|
Login
|
Register
|
Search
Forums
>
comp.lang.ruby
Re: gem: after installing display text
Austin Ziegler
12/21/2005 3:29:00 PM
On 17/12/05, Ross Bamford <rosco@roscopeco.remove.co.uk> wrote:
> Is there any chance it could be made slightly more general? Like:
>
>
http://rubyforge.org/tracker/index.php?func=detail&aid=2890&group_id=126&am...
>
> so you could 'puts' any message you liked, and also do additional
> installation (e.g. manpages) or processing (e.g. populate a database from
> the net).
I would suggest that the feature be set up as follows:
* Any gem may display a message.
* Signed gems may execute extra commands, but only after asking the user.
The user should ultimately be able to identify authors that are
trusted so that trusted signed gems may execute extra stuff without
asking the user.
-austin
--
Austin Ziegler * halostatue@gmail.com
* Alternate: austin@halostatue.ca
2 Answers
Paul Duncan
12/21/2005 5:10:00 PM
0
* Austin Ziegler (halostatue@gmail.com) wrote:
> On 17/12/05, Ross Bamford <rosco@roscopeco.remove.co.uk> wrote:
> > Is there any chance it could be made slightly more general? Like:
> >
> >
http://rubyforge.org/tracker/index.php?func=detail&aid=2890&group_id=126&am...
> >
> > so you could 'puts' any message you liked, and also do additional
> > installation (e.g. manpages) or processing (e.g. populate a database from
> > the net).
>
> I would suggest that the feature be set up as follows:
>
> * Any gem may display a message.
> * Signed gems may execute extra commands, but only after asking the user.
>
> The user should ultimately be able to identify authors that are
> trusted so that trusted signed gems may execute extra stuff without
> asking the user.
The Gem signing code has a rudimentary security policy framework
(Gem::Security::Policy) which could be extended to support this
behavior.
> -austin
> --
> Austin Ziegler * halostatue@gmail.com
> * Alternate: austin@halostatue.ca
--
Paul Duncan <pabs@pablotron.org> pabs in #ruby-lang (OPN IRC)
http://www.pabl...
OpenPGP Key ID: 0x82C29562
Ross Bamford
12/21/2005 5:31:00 PM
0
On Wed, 21 Dec 2005 15:28:33 -0000, Austin Ziegler <halostatue@gmail.com>
wrote:
> On 17/12/05, Ross Bamford <rosco@roscopeco.remove.co.uk> wrote:
>> Is there any chance it could be made slightly more general? Like:
>>
>>
http://rubyforge.org/tracker/index.php?func=detail&aid=2890&group_id=126&am...
>>
>> so you could 'puts' any message you liked, and also do additional
>> installation (e.g. manpages) or processing (e.g. populate a database
>> from
>> the net).
>
> I would suggest that the feature be set up as follows:
>
> * Any gem may display a message.
> * Signed gems may execute extra commands, but only after asking the
> user.
>
> The user should ultimately be able to identify authors that are
> trusted so that trusted signed gems may execute extra stuff without
> asking the user.
>
That seems sensible. It would certainly be a nice feature to have (for me,
anyway), but since I guess most gem installs run as root it's definitely a
good point that it has to be trustworthy. :)
I guess it could have a similar keystore functionality to RPM or similar,
grab key and install with gem install-key or something. Nothing too
fancy...
--
Ross Bamford - rosco@roscopeco.remove.co.uk
Servizio di avviso nuovi messaggi
Ricevi direttamente nella tua mail i nuovi messaggi per
Re: gem: after installing display text
Inserendo la tua e-mail nella casella sotto, riceverai un avviso tramite posta elettronica ogni volta che il motore di ricerca troverà un nuovo messaggio per te
Il servizio è completamente GRATUITO!
x
Login to ForumsZone
Login with Google
Login with E-Mail & Password