Ross Bamford
1/14/2007 2:39:00 PM
On Sun, 14 Jan 2007 11:59:35 -0000, Eric Hodel <drbrain@segment7.net>
wrote:
> On Jan 14, 2007, at 03:20, Ross Bamford wrote:
>> Is the implication here that someone on seattle.rb uploaded a new gem,
>> or that someone hacked Rubyforge to do it, or what?
>
> You can upload a gem of any name to any rubyforge project including gems
> with name collisions. It appears that somebody uploaded a modified copy
> of hoe then deleted it shortly afterward.
>
Gotcha. I didn't realise that. It's kind of worrying actually. Maybe
something that could be tightened up somehow by the Rubyforge folks?
>> Just wondering, since if it's the latter others may need to check their
>> gems too,
>
> While this upsets me to no end, I'll pin it on incompetence and/or
> idoicy.
>
> Whoever did this ignored a perfectly good set of unit tests, testing
> tools, and the gem_server command itself to test out what they were
> doing.
>
Yep, definitely sounds like some combination of the two....
>> and Tom Copeland should probably hear about it.
>
> He's been notified, but he's asleep.
>
Ahh, well, fair enough...
Thanks,
--
Ross Bamford - rosco@roscopeco.remove.co.uk